Date: Thu, 07 Dec 2000 02:05:10 CST From: Chris Csanady <ccsanady@iastate.edu> To: "Jacques A. Vidrine" <n@nectar.com> Cc: freebsd-hackers@freebsd.org Subject: Re: PAM issues.. Message-ID: <200012070805.CAA20128@isua3.iastate.edu> In-Reply-To: Your message of Wed, 06 Dec 2000 20:14:38 -0600. <20001206201438.B64751@spawn.nectar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>On Thu, Dec 07, 2000 at 12:06:46AM +0000, Chris wrote: >> Hi, I have been writing a PAM module to do Kerberos 5 and AFS stuff, and >> have run across a couple of problems. > >Have you looked at ports/security/pam_krb5, by the way? This does >Kerberos 5, but not AFS. IIRC, this module will authenticate you, but will not get you tickets. I think this was because the tickets are stored using pam_setcred(), hence my question. I haven't looked at it for a while though--its possible the situation has changed. Anyways, what I have written gets Kerb 5 tickets, converts them to v4, and then adds the token after setting up a PAG. Basically, what the mit aklog does, but it actually compiles and works with our kafs library. >> The next is pam_setcred(). I've noticed that this is not actually >> called from login/etc, so it doesn't do much good. Is this >> intentional? Not that it matters much, for anything other than >> compatibility with other modules. > >Patching login et. al. to call pam_setcred is trivial. The only reason I >haven't done so yet is because pam_setcred is all but useless. :-) I'm >enclosing a previous message that I sent to the FreeBSD PAM maintainer >(ok well it went to jdp first and then later to markm) to explain more >fully. None of us have had time to address it yet, and this appears to >be a bug in Linux-PAM (which is the implementation we use). I figured it was something along these lines. :) I realize the pam_setcred is about useless, but it would be nice to have session support. Anyways, thanks for the pointer. Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012070805.CAA20128>