[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Kerberos and Hesiod?



>      I'm planning on setting up a small network of RedHat Linux boxes.
> I'd like them to use Kerberos V for user authentication, and Hesiod for
> all the uid/gid and /etc/passwd stuff.

I use RedHat and KerberosV5 too, so let me say some infos:

1. I read Johan's answer for it, and I agree: In my opinion it is NOT
   secure.
2. Use the old /etc/passwd instead ( with * in the passwd field ).
   This works for me.
3. The other possibility is to use the radius server for it ( It is
   written for doing the administartion for the users ). Since I don't use
   it I can't say more :(

> Is it possible to do this without
> having to bypass PAM at all?  I know there is a Kerb V module.  I've
> played with that along with the Kerberos rpms from replay, but never did
> get it working.  I suspect at least part of the problem was that the kerb5
> rpms put files in the wrong places, from the Kerb V PAM modules point of
> view.  I'm no stranger to Kerberos, but I'm not up to speed on the
> internals of PAM.  Any and all information would be appreciated.  I
> suppose if the necessary modules aren't available, I'll take a crack at
> writing them, but I really hope it doesn't come to that.  8)   

About the modules:

Naomaru Itoi wrote one but that one only do the authentication, and
nothing more. For more info on it have a look at 

http://www-personal.engin.umich.edu/~itoi/

So one of Kerberos' best thing ( namely to have to type the passwd
once ) is lost. I rewrote this module but unfortunately I haven't send any
patches to Naomaru ( This is for you, Naomaru: As soon as I can beautify
the sources I will do 8)  ), but if you want it I can send you the
modules in tar.gz and the KerberosV5 itself in rpm ( I build them, because
I discovered the problem of the config files too ). I hope you can use
them.

For more info feel free to send mail to me.


Nicolas
nicolas@tigris.ipari.vein.hu



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []