Will the Real get-a-tgt-with-a-password Function Please Stand Up?
Henry B. Hotz
hotz at jpl.nasa.gov
Sun Jun 5 03:16:25 EDT 2005
On Jun 4, 2005, at 3:31 PM, Nicolas Williams wrote:
> On Sat, Jun 04, 2005 at 01:16:43PM -0700, Henry B. Hotz wrote:
>>
>> The application is on a Solaris server where the users in question
>> don't have local accounts. If I want to use the installed Sun
>> Kerberos
>> do I have an alternative to using PAM?
>
> What version of Solaris are you using? Why wouldn't you want to use
> the
> stock pam_krb5?
Because I'm a BSD Bigot (TM) and I don't believe in PAM? ;-)
More seriously, because it's Solaris 8 and, if I have to do anything to
the mail server's LDAP plug-in, I want to use something better than
single-DES. Jeffrey Altman seems to have finished talking them into
installing an up-to-date Kerberos distribution and doing away with the
ancient Kludge that just broke. I also suspect I can't make pam_krb5
talk to a thread-unique memory cache.
I said I liked what you did in Solaris 10 and I meant it. I'm not
quite so happy with what's in Solaris 8-9 though.
> Nico
> --
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list