pam-krb5 3.6 released
Sam Hartman
hartmans at MIT.EDU
Wed Sep 19 17:36:35 EDT 2007
>>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:
Russ> Sam Hartman <hartmans at mit.edu> writes:
>> I think that's a mischaracterization of the problem. You need
>> this whenever you have a service that needs to verify passwords
>> but that cannot be trusted with a Kerberos key of its own. It
>> seems like that's going to be much more common than just
>> xscreensaver.
Russ> True, although xscreensaver is the only practical case that
Russ> I've heard about so far. But I believe you that there are
Russ> probably more.
I wonder if krb5 should provide a setuid helper to do rd_req so that your keytab can be much more tightly controlled than your service?
More information about the Kerberos mailing list