Solaris ssh pam_krb
greg@enjellic.com
greg at enjellic.com
Tue Apr 4 13:29:04 EDT 2006
On Mar 31, 8:22pm, Jeffrey Hutzelman wrote:
} Subject: Re: Solaris ssh pam_krb
> But in a multi-application PAG world, _no_ application can directly
> use the real PAG ID as an identifier, because it changes too much.
> Instead they need an application-specific identifier. That applies
> to encrypted filesystems, to AFS, and, I suspect, to NFS as well,
> though you might not yet recognize that.
An interesting comment.
Particularly given that notion that our open authorization
architecture was predicated on each 'service' having its own unique
identity.
Greg
}-- End of excerpt from Jeffrey Hutzelman
As always,
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
PH: 701-281-1686
FAX: 701-281-3949 EMAIL: greg at enjellic.com
------------------------------------------------------------------------------
"One uses power by grasping it lightly. To grasp with too much force
is to be taken over by power, thus becoming its victim."
-- Bene Gesserit Axiom
More information about the Kerberos
mailing list