Will the Real get-a-tgt-with-a-password Function Please Stand Up?

Nicolas Williams Nicolas.Williams at sun.com
Sun Jun 5 21:03:07 EDT 2005

On Sun, Jun 05, 2005 at 12:16:25AM -0700, Henry B. Hotz wrote:
> On Jun 4, 2005, at 3:31 PM, Nicolas Williams wrote:
> >On Sat, Jun 04, 2005 at 01:16:43PM -0700, Henry B. Hotz wrote:
> >>
> >>The application is on a Solaris server where the users in question
> >>don't have local accounts.  If I want to use the installed Sun  
> >>Kerberos
> >>do I have an alternative to using PAM?
> >
> >What version of Solaris are you using?  Why wouldn't you want to use  
> >the
> >stock pam_krb5?
> Because I'm a BSD Bigot (TM) and I don't believe in PAM?  ;-)
> More seriously, because it's Solaris 8 and, if I have to do anything to  
> the mail server's LDAP plug-in, I want to use something better than  
> single-DES.  Jeffrey Altman seems to have finished talking them into  
> installing an up-to-date Kerberos distribution and doing away with the  
> ancient Kludge that just broke.  I also suspect I can't make pam_krb5  
> talk to a thread-unique memory cache.

"Thread-unique"?  Or per-session?  If you need features that Solaris
lacks I'd like to hear about it.  (MIT might want us to take this

> I said I liked what you did in Solaris 10 and I meant it.  I'm not  
> quite so happy with what's in Solaris 8-9 though.

Thanks.  Sun put a lot of effort into revamping Solaris' krb5 support
for S10.  I'm glad it shows.


More information about the krbdev mailing list