Will the Real get-a-tgt-with-a-password Function Please Stand Up?

Henry B. Hotz hotz at jpl.nasa.gov
Sat Jun 4 16:16:43 EDT 2005

On Jun 3, 2005, at 10:51 AM, Sam Hartman wrote:

> I believe both MIT and Heimdal support krb5_get_init_creds and
> krb5_verify_init_creds.  Heimdal has an additional convenience
> function.
> Note that calling verify_init_creds is mandatory for secure operation
> if you are checking for local access.

Does verify_init_creds call k5userOK (which IIRC is where the check of  
~/.k5login file happens)?

The application is on a Solaris server where the users in question  
don't have local accounts.  If I want to use the installed Sun Kerberos  
do I have an alternative to using PAM?
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the krbdev mailing list