which krb5 PAM module on Solaris 8?

Jason Prondak jprondak at visualmedia.com
Sun Aug 3 22:09:50 EDT 2003 

There is also the pam_krb5 module under the PAM project @ sf.net which was 
tested heavily under solaris.

http://sourceforge.net/projects/pam/ (Check the CVS tree)

The pam module there was the work of Nicolas Williams, Jacques A.  
Vidrine, Steve Langasek, Frank Cusack and a little of myself. It was based
on Frank Cusack initial pam_krb5 module. I impertiticulary am using it
under Solaris 2.6 since the vendor supplied pam_krb5 module that was
available at the time was to be desired. :) But the pam_krb5 module now
supplied with Solaris 8 and 9 is a better choice to use now. After filing
a few bug reports and having them fixed, everything is working fine, 
eveh the  passwd expiration problems that we had in Solaris 2.6. I
would hands down use the SUN PAM module now. We are in the process of
going to a stock SUN PAM/kerberos client install (minus kadmin of course
). And everything seems to work perfect right now.

As for the ldap stuff. Why not the pam_ldap supplied by SUN?

		--jason


 On Fri, 1 Aug 2003, GÁL Balázs wrote:

> Tim Mooney írta:
> > All-
> > 
> > I'm looking for recommendations on which krb5 PAM module I should use
> > on a sparc box I'll be reinstalling with Solaris 2.8 in a couple weeks.
> 
> pam-krb5.sf.net. This is an enhanced version of RedHat's pam_krb5.
> I will release rc8 in this weekend, it will contains many workarounds
> for the solaris pam implementation, so I recommend it.
> 
> > I do understand the implications of using a krb5 PAM module to
> > authenticate services like telnet.
> > 
> > I need a source-available module (so the stuff that's part of SEAM isn't
> > going to do it for me, I don't think), because I need to hack in some
> > calls to ldap, to check for authorization.
> 
> Why dont use unix groups for authorization? There are few pam module now
> which implement authorization based on unix groups.
> 
> balsa
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

More information about the Kerberos mailing list