[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Kerberos 5 and easing the transition



I'd be interested in kerberos 5 PAM modules as well.  I've had to hack
login, ftpd, rexecd, xlock, etc. for 4 UNIX variants.  PAM solves that
problem.

We've gone through the same transition as you (well, actually twice.
Once from NIS to nonstandard homebrew kerberos 4 and again from
kerberos 4 to kerberos 5.  We're almost done with the second
transition.)  It's been quite a ride.

Isaac

>>>>> "Nick" == Nick Kralevich <nickkral@ferrari.autobahn.org> writes:

    Nick> Is there an FTP site that has ALL the modules?  

    Nick> We are in the process of converting from a UNIX flat password list
    Nick> (/etc/passwd) to Kerberos 5.  Here are the million dollar questions:

    Nick> In the "pam modules under development", there is the following entry

    Nick>      pam_kerberos: Kerberos authentication scheme; 
    Nick>      Theodore Y. Ts'o <tytso@mit.edu> 
    Nick>      Another implementation has been written for Kerberos 4 authentication 
    Nick>      Derrick J Brashear <shadow+@andrew.cmu.edu> 

    Nick> Has this module been released yet?  

    Nick> Is there any tool or PAM module to aid in the transition from the UNIX
    Nick> password format to Kerberos 5 passwords?  I'm thinking about writing a PAM
    Nick> password module that adds the password to the kerberos database if no
    Nick> kerberos password already exists, then marking the user as changed and
    Nick> deleting their UNIX password in /etc/passwd. 

    Nick> Take care,
    Nick> -- Nick Kralevich
    Nick>    nickkral@autobahn.org



    Nick> --
    Nick> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []