ftpd and AFS tickets
Douglas E. Engert
deengert at anl.gov
Tue Apr 23 14:58:09 EDT 2002
Can you say who the author is? I would like to see this in
1.2.5 or the following release. We could reomve our mods from
ftpd which in effect call ak5log.
Sam Hartman wrote:
>
> >>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>
> >> Currently I'm using SSH with GSSAPI and pam_krb5 support. In
> >> /etc/profile (and/or pam config for ssh) I'm getting the AFS
> >> token, so it's possible to use AFS as home when doing
> >> interactive logins with SSH.
>
> Ken> But if you're doing GSSAPI, then pam is never being invoked,
> Ken> right? Are users typing cleartext passwords inside of ssh?
>
> No, the setcred, account and session steps still get called.
>
> I have a PAM module that calls aklog -setpag for the Debian AFS stuff.
> IT avoids me having to have Kerberos depend on AFS.
>
> Unfortunately MIT's ftpd and login.krb5 are not PAM aware. We've
> received a patch to add this support; the author of the patch was
> given commit access, but hasn't gotten around to integrating changes.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list