Date: Tue, 3 Sep 2013 13:37:57 +0400 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: Dag-Erling Sm??rgrav <des@des.no> Cc: freebsd-security@FreeBSD.org Subject: Re: OpenSSH, PAM and kerberos Message-ID: <20130903093756.GG3796@zxy.spb.ru> In-Reply-To: <86y57euu8y.fsf@nine.des.no> References: <86d2ovy64p.fsf@nine.des.no> <20130830100926.GU3796@zxy.spb.ru> <20130830103009.GV3796@zxy.spb.ru> <86sixrwdcv.fsf@nine.des.no> <20130830131455.GW3796@zxy.spb.ru> <8661uj9lc6.fsf@nine.des.no> <20130902181754.GD3796@zxy.spb.ru> <867geywdfc.fsf@nine.des.no> <20130903083301.GF3796@zxy.spb.ru> <86y57euu8y.fsf@nine.des.no>
index | next in thread | previous in thread | raw e-mail
On Tue, Sep 03, 2013 at 11:31:09AM +0200, Dag-Erling Sm??rgrav wrote: > Slawa Olhovchenkov <slw@zxy.spb.ru> writes: > > Dag-Erling Sm??rgrav <des@des.no> writes: > > > The proper solution would be an identification and authentication daemon > > > with a well-designed RPC interface and mechanisms for transferring > > > environment variables, descriptors and credentials from the daemon to > > > the application (in this case, sshd). > > I think this is impossible, because credentials for pam_krb5 is simple > > pointer to internal blob's with unknown size, structure and links with > > other elements. > > When I spoke of passing credentials, I meant process credentials, not > the cached Kerberos credentials - which the application does not need > anyway. See SCM_CREDS in recv(2) for further information. And how in this case can be resolved situation with PAM credentials (Kerberos credentials in may case)?home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130903093756.GG3796>