Will the Real get-a-tgt-with-a-password Function Please Stand Up?

Henry B. Hotz hotz at jpl.nasa.gov
Sun Jun 5 03:16:25 EDT 2005

On Jun 4, 2005, at 3:31 PM, Nicolas Williams wrote:

> On Sat, Jun 04, 2005 at 01:16:43PM -0700, Henry B. Hotz wrote:
>> The application is on a Solaris server where the users in question
>> don't have local accounts.  If I want to use the installed Sun  
>> Kerberos
>> do I have an alternative to using PAM?
> What version of Solaris are you using?  Why wouldn't you want to use  
> the
> stock pam_krb5?

Because I'm a BSD Bigot (TM) and I don't believe in PAM?  ;-)

More seriously, because it's Solaris 8 and, if I have to do anything to  
the mail server's LDAP plug-in, I want to use something better than  
single-DES.  Jeffrey Altman seems to have finished talking them into  
installing an up-to-date Kerberos distribution and doing away with the  
ancient Kludge that just broke.  I also suspect I can't make pam_krb5  
talk to a thread-unique memory cache.

I said I liked what you did in Solaris 10 and I meant it.  I'm not  
quite so happy with what's in Solaris 8-9 though.

> Nico
> --  
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

More information about the krbdev mailing list