OpenSSH with Wilkinson patch on Mac OS X 10.2
smichaud at pobox.com
Mon Sep 30 10:27:00 EDT 2002
On Sun, 29 Sep 2002, Sam Hartman wrote:
> One annoying problem is that you really want the credentials to be
> written out before PAM modules are called so that PAM modules can use
> the credentials. However you also want PAM to run as root for most of
> its activity; I am not quite sure that the requirements of having PAM
> run as root and having the credentials written out after setuid() can
> both be satisfied.
> So, you may have to have a different code path on OSX than on other
> PAM-using operating systems.
So PAM can make use of forwarded GSSAPI/Kerberos credentials? Can it
do so on OS X? If so, where does it ususally look for them?
More information about the krbdev