Kerberos Server Implementation

Russ Allbery eagle at eyrie.org
Fri Jan 21 14:19:16 EST 2022


Charles Hedrick <hedrick at rutgers.edu> writes:

> This is a client-server pair designed to create home directories for
> users. When you’re using kerberized NFS the normal pam_mkhomedir won’t
> work, because it assumes that root can create directories in the file
> system. With kerberized NFS, root has no special privileges. So we have
> a pam_kmkhomedir that calls a process on the file server to do the
> creation.

> If I were doing it again, I’d probably write it using GSSAPI rather than
> a basic Kerberos client / server. Then I could write the server as a web
> service in python and use libcurl on the client side. Unfortunately it
> doesn’t seem to be practical to write a pam module in anything other
> than C, but with libcurl all the GSSAPI stuff is handled by the
> library. If the client isn’t a pam module, it’s easy enough to write a
> GSSAPI client in python. (I can give you example client-server if you
> need it.)

You may also be interested in remctl, which is designed to do this sort of
thing.

https://www.eyrie.org/~eagle/software/remctl/

-- 
Russ Allbery (eagle at eyrie.org)             <https://www.eyrie.org/~eagle/>
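
The server side of the home-directory service discussed in this thread, as an added example that is not from either poster or from the remctl project: a POSIX shell backend that derives the user only from the authenticated Kerberos principal, never from a client-supplied argument. It assumes remctld exposes that principal in REMOTE_USER; HOME_BASE, LOCAL_REALM and CHOWN are hypothetical settings.

```shell
#!/bin/sh
# Added example backend, run on the file server by the authenticated service.
# Assumptions: the principal arrives in REMOTE_USER (set by remctld);
# HOME_BASE, LOCAL_REALM and CHOWN are hypothetical, site-specific settings.
LC_ALL=C; export LC_ALL          # make [a-z] ranges locale-independent
HOME_BASE="${HOME_BASE:-/export/home}"
LOCAL_REALM="${LOCAL_REALM:-EXAMPLE.ORG}"
CHOWN="${CHOWN:-chown}"

# Map "user@LOCAL_REALM" to a local username; fail on anything else.
principal_to_user() {
    case "$1" in
        *@"$LOCAL_REALM") name="${1%@*}" ;;
        *) return 1 ;;                      # foreign or missing realm
    esac
    # Reject empty names, instances (user/admin), dots and path characters.
    case "$name" in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Create the home directory for the given principal, owned by that user.
make_home() {
    user=$(principal_to_user "$1") || return 1
    dir="$HOME_BASE/$user"
    # Anything already at that path, including a symlink, is left untouched.
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        return 0
    fi
    mkdir -m 0700 "$dir" || return 1
    if ! "$CHOWN" "$user" "$dir"; then
        rmdir "$dir"                        # do not leave a root-owned home
        return 1
    fi
}

# Under the service, identity comes from the environment, not from arguments.
if [ -n "${REMOTE_USER:-}" ]; then
    make_home "$REMOTE_USER"
fi
```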


