OpenSSH with Wilkinson patch on Mac OS X 10.2

Steven Michaud smichaud at
Mon Sep 30 10:27:00 EDT 2002

On Sun, 29 Sep 2002, Sam Hartman wrote:

> ...
> One annoying problem is that you really want the credentials to be
> written out before PAM modules are called so that PAM modules can use
> the credentials.  However you also want PAM to run as root for most of
> its activity; I am not quite sure that the requirements of having PAM
> run as root and having the credentials written out after setuid() can
> both be satisfied.
> So, you may have to have a different code path on OSX than on other
> PAM-using operating systems.

So PAM can make use of forwarded GSSAPI/Kerberos credentials?  Can it
do so on OS X?  If so, where does it ususally look for them?

More information about the krbdev mailing list