Fw: SSO with telnet/rlogin/rsh

Russ Allbery rra at stanford.edu
Tue Jan 15 13:52:27 EST 2008


"Douglas E. Engert" <deengert at anl.gov> writes:

> From a Kerberos prospective both could be correct. Using the process ID
> as part of the cache name allows for session based credentials, so each
> telnet session has its own cache.

telnetd should include both the UID and the PID in the cache name.  This
works much more smoothly with rpc.gssd and is what I do in pam-krb5.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list