From owner-freebsd-security Thu Oct 21 12:16: 7 1999 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 8096914CC4; Thu, 21 Oct 1999 12:16:06 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 62E231CD434; Thu, 21 Oct 1999 12:16:06 -0700 (PDT) (envelope-from kris@hub.freebsd.org) Date: Thu, 21 Oct 1999 12:16:06 -0700 (PDT) From: Kris Kennaway To: Robert Watson Cc: security@freebsd.org Subject: Re: Kerberos integration into ports--in particular, SSH In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 21 Oct 1999, Robert Watson wrote: > It looks like many ports still don't use PAM for authentication. This is > not something I have time to address, it's just a comment that it would be > nice if now that we have PAM, things used PAM :-). I agree. Do you have a (partial) list of ports which can support this? > Also, it's a little funky to have an /etc/auth.conf and a > /etc/pam.conf -- auth.conf seems only to affect su? /etc/auth.conf is vestigial, I think. auth_list seems to duplicate the function of /etc/pam.conf, and the commented-out auth_default line (which is no longer valid - the auth_default stuff was removed) should be replaced by a login capability. > The real gist of my email is that I'd like to see the K4 patches > incorporated into the SSH port when the user has K4 enabled into > /etc/make.conf, or if they give a particular command line argument. The > SSH K4 patches (with AFS, etc) are found at: Did you suggest this to the maintainer (torstenb@FreeBSD.org)? Seems like it can't hurt. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message