From owner-freebsd-security@FreeBSD.ORG Mon Dec 1 08:45:24 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7DE3416A4CF for ; Mon, 1 Dec 2003 08:45:24 -0800 (PST) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3014744008 for ; Mon, 1 Dec 2003 08:45:22 -0800 (PST) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) hB1GjIHL000710; Mon, 1 Dec 2003 16:45:18 GMT (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost)hB1GjIcQ000709; Mon, 1 Dec 2003 16:45:18 GMT (envelope-from mark@grondar.org) X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1])hB18x2Dw094198; Mon, 1 Dec 2003 08:59:02 GMT (envelope-from mark@grondar.org) Message-Id: <200312010859.hB18x2Dw094198@grimreaper.grondar.org> To: =?koi8-r?B?5MXK1MXSIOHMxcvTwc7E0iD3wczF0snF18ne?= From: Mark Murray In-Reply-To: Your message of "Fri, 28 Nov 2003 14:56:27 +0300." <02be01c3b5a6$a78a8ea0$b901320a@komi.mts.ru> Date: Mon, 01 Dec 2003 08:59:02 +0000 Sender: mark@grondar.org X-Spam-Status: No, hits=-1.0 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: freebsd-security@freebsd.org Subject: Re: Kerberized applications in FreeBSD 5.x X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Dec 2003 16:45:24 -0000 =?koi8-r?B?5MXK1MXSIOHMxcvTwc7E0iD3wczF0snF18ne?= writes: > In FreeBSD 5.x only telnet/telnetd works 'out of box' with kerberos. > Why ftp/ftpd, ssh/sshd and cvs do not support kerberos ? You need to turn it obn by hand in /etc/pam.d/*. Its not on by default, because that would cause nasty delays in PAM. M -- Mark Murray iumop ap!sdn w,I idlaH