W. Michael Petullo
mike at flyn.org
Tue Nov 9 13:23:05 EST 2010
>> I am interested in developing a krb5 1.8 plugin that announces a login
>> using D-Bus. I'd like to have other daemons use this information to
>> perform various actions to prepare an environment for the use by a user.
> Can you explain, independent of the idea of plugins, what behavior you
> want the Kerberos library to exhibit? The Kerberos library is typically
> used by a system's login process, but does not control it, so there is
> not necessarily a good integration point for announcing a login. It's
> possible that what you want is a PAM module.
> Your question does point out that we could benefit from a central list
> of pluggable interfaces for developers.
The network I support is a heterogenous collection of machines,
otherwise targetting PAM might make sense (I've done PAM modules in the
past). What is consistent is that all machines are configured to use
krb5 for authentication. This is why I am considering working at the
point of issuing Kerberos credentials. There are local accounts too, but
a login to one of these would not need to be announced -- the evironment
preparation would not be required in their case.
More information about the krbdev