Will the Real get-a-tgt-with-a-password Function Please Stand Up?
Henry B. Hotz
hotz at jpl.nasa.gov
Sat Jun 4 16:16:43 EDT 2005
On Jun 3, 2005, at 10:51 AM, Sam Hartman wrote:
> I believe both MIT and Heimdal support krb5_get_init_creds and
> krb5_verify_init_creds. Heimdal has an additional convenience
> function.
>
> Note that calling verify_init_creds is mandatory for secure operation
> if you are checking for local access.
Does verify_init_creds call k5userOK (which IIRC is where the check of
~/.k5login file happens)?
The application is on a Solaris server where the users in question
don't have local accounts. If I want to use the installed Sun Kerberos
do I have an alternative to using PAM?
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list