Date: Thu, 21 Oct 1999 10:44:21 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: security@freebsd.org Subject: Kerberos integration into ports--in particular, SSH Message-ID: <Pine.BSF.3.96.991021104015.47188E-100000@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
It looks like many ports still don't use PAM for authentication. This is not something I have time to address, it's just a comment that it would be nice if now that we have PAM, things used PAM :-). Also, it's a little funky to have an /etc/auth.conf and a /etc/pam.conf -- auth.conf seems only to affect su? The real gist of my email is that I'd like to see the K4 patches incorporated into the SSH port when the user has K4 enabled into /etc/make.conf, or if they give a particular command line argument. The SSH K4 patches (with AFS, etc) are found at: http://www.monkey.org/~dugsong/ssh-afs/ The 1.2.27 patch applies cleanly and easily over 1.2.27, although it seems not to be compatible with our local patches in the ports tree--I assume just includes and weird things with the patches covering the same area, but I haven't checked. To enable K4 support, you just do --with-krb4 on configure, and it works. This adds support for authenticating logins using passed authenticators, ticket-passing with AFS, autologin using .klogin as with rsh, etc. Very convenient. :-) I suppose the ideal solution is we go to K5 sometime soon and then the support is built-in? Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.991021104015.47188E-100000>