Will the Real get-a-tgt-with-a-password Function Please Stand Up?
Nicolas.Williams at sun.com
Sun Jun 5 21:03:07 EDT 2005
On Sun, Jun 05, 2005 at 12:16:25AM -0700, Henry B. Hotz wrote:
> On Jun 4, 2005, at 3:31 PM, Nicolas Williams wrote:
> >On Sat, Jun 04, 2005 at 01:16:43PM -0700, Henry B. Hotz wrote:
> >>The application is on a Solaris server where the users in question
> >>don't have local accounts. If I want to use the installed Sun
> >>do I have an alternative to using PAM?
> >What version of Solaris are you using? Why wouldn't you want to use
> >stock pam_krb5?
> Because I'm a BSD Bigot (TM) and I don't believe in PAM? ;-)
> More seriously, because it's Solaris 8 and, if I have to do anything to
> the mail server's LDAP plug-in, I want to use something better than
> single-DES. Jeffrey Altman seems to have finished talking them into
> installing an up-to-date Kerberos distribution and doing away with the
> ancient Kludge that just broke. I also suspect I can't make pam_krb5
> talk to a thread-unique memory cache.
"Thread-unique"? Or per-session? If you need features that Solaris
lacks I'd like to hear about it. (MIT might want us to take this
> I said I liked what you did in Solaris 10 and I meant it. I'm not
> quite so happy with what's in Solaris 8-9 though.
Thanks. Sun put a lot of effort into revamping Solaris' krb5 support
for S10. I'm glad it shows.
More information about the krbdev