which krb5 PAM module on Solaris 8?
Jason Prondak
jprondak at visualmedia.com
Sun Aug 3 22:09:50 EDT 2003
There is also the pam_krb5 module under the PAM project @ sf.net which was
tested heavily under solaris.
http://sourceforge.net/projects/pam/ (Check the CVS tree)
The pam module there was the work of Nicolas Williams, Jacques A.
Vidrine, Steve Langasek, Frank Cusack and a little of myself. It was based
on Frank Cusack initial pam_krb5 module. I impertiticulary am using it
under Solaris 2.6 since the vendor supplied pam_krb5 module that was
available at the time was to be desired. :) But the pam_krb5 module now
supplied with Solaris 8 and 9 is a better choice to use now. After filing
a few bug reports and having them fixed, everything is working fine,
eveh the passwd expiration problems that we had in Solaris 2.6. I
would hands down use the SUN PAM module now. We are in the process of
going to a stock SUN PAM/kerberos client install (minus kadmin of course
). And everything seems to work perfect right now.
As for the ldap stuff. Why not the pam_ldap supplied by SUN?
--jason
On Fri, 1 Aug 2003, GÁL Balázs wrote:
> Tim Mooney írta:
> > All-
> >
> > I'm looking for recommendations on which krb5 PAM module I should use
> > on a sparc box I'll be reinstalling with Solaris 2.8 in a couple weeks.
>
> pam-krb5.sf.net. This is an enhanced version of RedHat's pam_krb5.
> I will release rc8 in this weekend, it will contains many workarounds
> for the solaris pam implementation, so I recommend it.
>
> > I do understand the implications of using a krb5 PAM module to
> > authenticate services like telnet.
> >
> > I need a source-available module (so the stuff that's part of SEAM isn't
> > going to do it for me, I don't think), because I need to hack in some
> > calls to ldap, to check for authorization.
>
> Why dont use unix groups for authorization? There are few pam module now
> which implement authorization based on unix groups.
>
> balsa
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
More information about the Kerberos
mailing list