Date: Tue, 03 Sep 2013 13:27:04 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Slawa Olhovchenkov <slw@zxy.spb.ru> Cc: freebsd-security@FreeBSD.org Subject: Re: OpenSSH, PAM and kerberos Message-ID: <86li3euovr.fsf@nine.des.no> In-Reply-To: <20130903095316.GH3796@zxy.spb.ru> (Slawa Olhovchenkov's message of "Tue, 3 Sep 2013 13:53:16 %2B0400") References: <20130830103009.GV3796@zxy.spb.ru> <86sixrwdcv.fsf@nine.des.no> <20130830131455.GW3796@zxy.spb.ru> <8661uj9lc6.fsf@nine.des.no> <20130902181754.GD3796@zxy.spb.ru> <867geywdfc.fsf@nine.des.no> <20130903083301.GF3796@zxy.spb.ru> <86y57euu8y.fsf@nine.des.no> <20130903093756.GG3796@zxy.spb.ru> <86ppsqutw7.fsf@nine.des.no> <20130903095316.GH3796@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Slawa Olhovchenkov <slw@zxy.spb.ru> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > Slawa Olhovchenkov <slw@zxy.spb.ru> writes: > > > And how in this case can be resolved situation with PAM credentials > > > (Kerberos credentials in may case)? > > The application does not need them. > I need them. I need single sign-on, I need enter password only once, > at login time and use this credentials to login to other host and use > Kerberosed NFS w/o entering password. The application does not need pam_krb5's temporary credential cache. It is only used internally. Single sign-on is implemented by storing your credentials in a *permanent* credential cache (either a file or KCM) which is independent of the PAM session and the application. The location of the permanent credential cache is exported to the application through the KRB5CCNAME environment variable. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86li3euovr.fsf>