OpenSSH, GSSAPI, and PAM
Jens Kleineheismann
jk at em.uni-karlsruhe.de
Tue Mar 18 05:33:48 EST 2003
Hi,
Nathan Ward <nward at esphion.com> wrote:
> [OpenSSH, PAM, aklog]
> I may have to hack up something to get a PAG, as IIRC the OpenAFS module
> does this in its 'auth' stuff, but thats ok.
pam_openafs-krb5.so execute 'aklog -setpag' either in the pam_sm_setcred
or in the pam_sm_open_session function.
> Is anyone doing something like this?
Yes, me :)
I have pam_krb5.so from Frank Cusack and pam_openafs-krb5.so from
Debian in my auth Stack.
Both modules are slightly patched, but nothing that impacts the auth
functionality.
But I had to compile openssh with -DHAVE_PAM_PUTENV, so that openssh
will set the KRB5CCACHE variable in the PAM environment.
regards,
Jens
Versions:
OpenSSH 3.4p1, Linux-PAM 0.75
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s-:-- a- C++(---) UL++++$ P@ L+++ E--- W(--) N++ o? K? w--- O
M- !V PS+++ PE Y+ PGP+ t 5- X- R* tv-- b++ DI-- D---- G e h++ !r !y
------END GEEK CODE BLOCK------
More information about the Kerberos
mailing list