pam-krb5 3.6 released

Sam Hartman hartmans at MIT.EDU
Wed Sep 19 16:33:58 EDT 2007


>>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:

    Russ> There is a request for some way of verifying tickets against
    Russ> a keytab that isn't readable by the user who is running the
    Russ> program that is doing ticket verification, which is useful
    Russ> in some specific limited situations on multi-user machines


I think that's a mischaracterization of the problem.  You need this
whenever you have a service that needs to verify passwords but that
cannot be trusted with a Kerberos key of its own.  It seems like
that's going to be much more common than just xscreensaver.




More information about the Kerberos mailing list