Will the Real get-a-tgt-with-a-password Function Please Stand Up?

Henry B. Hotz hotz at jpl.nasa.gov
Mon Jun 6 02:41:50 EDT 2005


Rereading, even my "serious" answer is kind of flip.  I owe you a  
better one, which relates to my dislike of the complexity that PAM  
engenders.  (And it engenders it in precisely the part of the system  
that ought to be kept simple for auditing purposes.)  I am to some  
extent just being a curmudgeon, but I think there is a point to be  
made.

Trying to relate my concerns to actual concrete situations can get  
complex too.  As implied, this situation has other issues that trump  
the whole PAM vs ordinary library issue.

On Jun 5, 2005, at 12:16 AM, Henry B. Hotz wrote:

> On Jun 4, 2005, at 3:31 PM, Nicolas Williams wrote:
>
>> On Sat, Jun 04, 2005 at 01:16:43PM -0700, Henry B. Hotz wrote:
>>>
>>> The application is on a Solaris server where the users in question
>>> don't have local accounts.  If I want to use the installed Sun Kerberos
>>> do I have an alternative to using PAM?
>>
>> What version of Solaris are you using?  Why wouldn't you want to use the
>> stock pam_krb5?
>
> Because I'm a BSD Bigot (TM) and I don't believe in PAM?  ;-)
>
> More seriously, because it's Solaris 8 and, if I have to do anything  
> to the mail server's LDAP plug-in, I want to use something better than  
> single-DES.  Jeffrey Altman seems to have finished talking them into  
> installing an up-to-date Kerberos distribution and doing away with the  
> ancient Kludge that just broke.  I also suspect I can't make pam_krb5  
> talk to a thread-unique memory cache.
>
> I said I liked what you did in Solaris 10 and I meant it.  I'm not  
> quite so happy with what's in Solaris 8-9 though.
>
>> Nico
>> --  
> ----------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
>
>
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu


