apache & Kerberos

John Rudd jrudd at ucsc.edu
Wed Aug 6 17:59:40 EDT 2003

Frank Cusack wrote:
> On Tue, 5 Aug 2003 16:40:22 +0000 (UTC) hartmans at mit.edu (Sam Hartman) wrote:
> > It seems kind of unfortunate that you're combining these two modules.
> > It seems that I'd really rather use PAM or pubcookie for my password
> > auth and then GSS-based stuff for native Kerberos.
> At the risk of just doing a 'me too', I agree.  These should be different
> modules.  They do completely different things.

I'll provide a dissenting opinion.

I've had many problems with PAM modules here (under Solaris 8).  Having
a setup with an application or server/service that can handle something
like username+password authentication against an external authentication
service, while the underlying OS remains completely ignorant, is not
just "fine with me", it is an attractive feature.  Here, they're grouped
by relevance to Kerberos as the external authentication service, whether
it's auth via kerb ticket or auth via kerb principal+passphrase.

