Re: PAM and Kerberos

On Mon, Aug 21, 2000 at 02:32:30PM -0400, Jeffrey Altman wrote:
> > Yes, but I'm assuming that PAM will take the world by storm and
> > /bin/login will be doing the right thing everywhere. :)
> I can't make this assumption.  I have to assume that the machines I am
> working with can be up to 20 years old and won't have PAM support.
> > In fact, MIT's telnetd, if modified to call /bin/login with -f
> > <username> when doing valid authentication, should work.
> Unfortunately, we can't rely on /bin/login supporting -f and even if
> we did /bin/login would not know how to handle the tickets.  That is
> why I need to build the functionality into telnetd.  But I can't only
> support the PAM extensions you want to create.  I need to secure the
> machines that have been deployed over the last couple of decades.
> They aren't just going to go away.

Gee. I have the same problem.

Actually, we're paying the vendor to port LinuxPAM to such a legacy
platform and PAMify various bits of it. Yes, patches, if there are any,
will be contributed to LinuxPAM.

LinuxPAM is reasonably portable; heck, it has little Linux-specific code
in the framework and even pam_unix, though some of the modules included
with it are probably not so portable.

>                   Jeffrey Altman * Sr.Software Designer
>                  The Kermit Project * Columbia University
>                612 West 115th St * New York, NY * 10025 * USA
>      http://www.kermit-project.org/ * kermit-support@kermit-project.org


