SEAM krb API
Jeffrey Altman
jaltman2 at nyc.rr.com
Tue Apr 20 14:33:51 EDT 2004
Wyllys Ingersoll wrote:
> krb5_kuserok is sort of an abberation. Its a weak attempt at
> an authorization interface. Its very easy to write your own
> non-KRB5-API dependent version of krb5_kuserok using just GSSAPI calls
> and standard C library functions.
>
> Obviously, you must assume some Kerberos knowledge in the gssapi
> app which is NOT a good thing, IMO, but it is certainly possible to
> write one that is not dependent on the KRB5 API and that will
> behave exactly like the one from the MIT code.
It also assumes that GSSAPI is how you access Kerberos 5 authentication
in all of your applications. I'm wondering, what do you recommend for
sites still using the r-cmds and telnet besides "don't do that"?
More information about the Kerberos
mailing list