From owner-freebsd-hackers  Tue Aug 17 16:22:22 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id B321B15860; Tue, 17 Aug 1999 16:22:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id A54A41CD8A8; Tue, 17 Aug 1999 16:22:21 -0700 (PDT)
	(envelope-from kris@hub.freebsd.org)
Date: Tue, 17 Aug 1999 16:22:21 -0700 (PDT)
From: Kris Kennaway <kris@hub.freebsd.org>
To: "Matthew N. Dodd" <winter@jurai.net>
Cc: Mark Murray <mark@grondar.za>, freebsd-hackers@FreeBSD.ORG
Subject: Re: Kerberos 5 integration. 
In-Reply-To: <Pine.BSF.4.10.9908171748020.4840-100000@sasami.jurai.net>
Message-ID: <Pine.BSF.4.10.9908171620180.97758-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 17 Aug 1999, Matthew N. Dodd wrote:

> I'm still a bit confused about PAM though.  While it is possible to do
> what kinit does and verify a password, the real reason we like kerberos is
> because we don't have to enter passwords; we get a ticket and the server
> verifies that the ticket is valid.  How exactly does this fit in the PAM
> model?

At a guess, it is given your username, obtains the ticket from wherever
that is stored locally and goes off and verifies it against the server. If
the server comes back affirmative, it grants you access.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message