Openssh, kerberos and Solaris 10
Nicolas Williams
Nicolas.Williams at sun.com
Wed Aug 9 16:18:28 EDT 2006
On Wed, Aug 09, 2006 at 02:55:05PM -0500, Douglas E. Engert wrote:
> Nicolas Williams wrote:
> >gss_store_cred() is a KITTEN WG work item.
> >
> >__gss_userok() is not; should it be?
>
> I would say yes. Every service needs to do this, and use the GSS creds
> to test if it can use the local resource. So it in that regards it is
> generic.
Hmmm. We're working to push authorization of GSS-API principals and
handling of delegated credentials to PAM. So, we're working to make
public gss_userok() and gss_store_cred() interfaces unnecessary...
More information about the Kerberos
mailing list