Solaris ssh pam_krb

Will Fiveash William.Fiveash at
Wed Mar 29 16:24:24 EST 2006

On Wed, Mar 29, 2006 at 10:02:54AM -0600, Douglas E. Engert wrote:
> If you really wanted to get this to work better, add a parameter
> on to your pam_krb5 to support this, and have it set the KRB5CCNAME.

Suggestion noted.

> Another problem is that only the gssapi is exposed, and not the underlying
> Krb5 API. We do have a few programs that need this but most are still
> on Solaris 9 and we have been able to use the Opensolaris krb5 header
> files from ./usr/src/uts/common/gssapi/mechs/krb5/include
> and link against the /usr/lib/gss/

Note that this is unsupported on Solaris at this time.  One of the main
reasons that Sun exposed the libgss API and not the krb API is API
stability.  Sun tries hard to provide stable programming interfaces to
protect customer investment in software.  Note though that Sun is
working on exposing the Krb5 API.

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the Kerberos mailing list