[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos



So? If you're forwarding a TGT why would you then run kinit?

Is that the only time that the cache file is replaced rather than being
edited in place?

Nico


On Tue, Aug 15, 2000 at 12:43:11PM -0400, Jeffrey Altman wrote:
> Unfortunately, the cache file is replaced by a new inode by the
> libraries when kinit() is run.
> 
> > 
> > Right. If telnetd keeps the file open it doesn't have to know what user
> > owns it. It can find out with fstat(), or it can ignore the problem
> > altogether:
> > 
> >  - if telnetd can update the credential file in place, and the file
> >    name itself is never replaced with a new inode then telnetd need not
> >    even know who should own the file;
> > 
> >  - if telnetd keeps the credentials cache file open then it need not
> >    worry about the original filename being changed;
> > 
> >  - if the cache file is ever replaced with a new inode by the libraries
> >    (I don't think so, I'd have to go look at the source), then telnetd
> >    can figure it out by using a link count heuristic on the open file
> >    descriptor;
> > 
> > Telnetd can keep up, as long as cache file renaming and replacement are
> > not mixed.
> > 
> > Nico
> > 
> > 
> > On Tue, Aug 15, 2000 at 12:14:20PM -0400, Jeffrey Altman wrote:
> > > telnetd does know the filename but it does not know which user the
> > > file should be owned by.
> > > 
> > > > 
> > > > Could telnetd create the cache file and keep it open, thus obviating the
> > > > need for it to know its future file name? Or perhaps an open Unix socket
> > > > that PAM_KRB5 could use to communicate back to telnetd.
> > > > 
> > --
> > 
> 
> 
> 
>                   Jeffrey Altman * Sr.Software Designer
>                  The Kermit Project * Columbia University
>                612 West 115th St * New York, NY * 10025 * USA
>      http://www.kermit-project.org/ * kermit-support@kermit-project.org
> 
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []