
Re: PAM and Kerberos



Right. If telnetd keeps the file open it doesn't have to know what user
owns it. It can find out with fstat(), or it can ignore the problem
altogether:

 - if telnetd can update the credential file in place, and the file
   name itself is never replaced with a new inode then telnetd need not
   even know who should own the file;

 - if telnetd keeps the credentials cache file open then it need not
   worry about the original filename being changed;

 - if the cache file is ever replaced with a new inode by the libraries
   (I don't think so, I'd have to go look at the source), then telnetd
   can figure it out by using a link count heuristic on the open file
   descriptor;

Telnetd can keep up, as long as cache file renaming and replacement are
not mixed.

Nico


On Tue, Aug 15, 2000 at 12:14:20PM -0400, Jeffrey Altman wrote:
> telnetd does know the filename but it does not know which user the
> file should be owned by.
> 
> > 
> > Could telnetd create the cache file and keep it open, thus obviating the
> > need for it to know its future file name? Or perhaps an open Unix socket
> > that PAM_KRB5 could use to communicate back to telnetd.
> > 
--
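
The fstat() lookup and link count heuristic described in the reply above, as an added C example that is not part of the original thread and is not telnetd or PAM code. The names `cache_owner` and `cache_check`, the state values and the `/tmp` file names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names for this added example. */
enum cache_state { CACHE_ERROR = -1, CACHE_SAME, CACHE_RENAMED, CACHE_REPLACED };

/* Owner of the open cache file, read from the descriptor, not the name. */
int cache_owner(int fd, uid_t *uid)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    *uid = st.st_uid;
    return 0;
}

/* Compare the inode held open with whatever the path names now. */
enum cache_state cache_check(int fd, const char *path)
{
    struct stat held, named;
    if (fstat(fd, &held) != 0)
        return CACHE_ERROR;
    /* Link count heuristic: zero links means the held inode was unlinked
     * or another file was renamed over its name. */
    if (held.st_nlink == 0)
        return CACHE_REPLACED;
    if (lstat(path, &named) != 0)
        return errno == ENOENT ? CACHE_RENAMED : CACHE_ERROR;
    if (named.st_dev == held.st_dev && named.st_ino == held.st_ino)
        return CACHE_SAME;
    return CACHE_RENAMED; /* held inode still linked, but not at this path */
}

int main(void)
{
    char path[] = "/tmp/krb5cc_demo_XXXXXX"; /* constructed sample names */
    char tmp[] = "/tmp/krb5cc_new_XXXXXX";
    int fd = mkstemp(path), fd2 = mkstemp(tmp);
    uid_t uid;
    if (fd < 0 || fd2 < 0 || cache_owner(fd, &uid) != 0)
        return 1;
    printf("owner uid %ld, state %d\n", (long)uid, cache_check(fd, path));
    rename(tmp, path); /* replacement of the name with a new inode */
    printf("after replacement: state %d\n", cache_check(fd, path));
    return unlink(path);
}
```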




