[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos



Unfortunately, the cache file is replaced by a new inode by the
libraries when kinit() is run.

> 
> Right. If telnetd keeps the file open it doesn't have to know what user
> owns it. It can find out with fstat(), or it can ignore the problem
> altogether:
> 
>  - if telnetd can update the credential file in place, and the file
>    name itself is never replaced with a new inode then telnetd need not
>    even know who should own the file;
> 
>  - if telnetd keeps the credentials cache file open then it need not
>    worry about the original filename being changed;
> 
>  - if the cache file is ever replaced with a new inode by the libraries
>    (I don't think so, I'd have to go look at the source), then telnetd
>    can figure it out by using a link count heuristic on the open file
>    descriptor;
> 
> Telnetd can keep up, as long as cache file renaming and replacement are
> not mixed.
> 
> Nico
> 
> 
> On Tue, Aug 15, 2000 at 12:14:20PM -0400, Jeffrey Altman wrote:
> > telnetd does know the filename but it does not know which user the
> > file should be owned by.
> > 
> > > 
> > > Could telnetd create the cache file and keep it open, thus obviating the
> > > need for it to know its future file name? Or perhaps an open Unix socket
> > > that PAM_KRB5 could use to communicate back to telnetd.
> > > 
> --
> 



                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * kermit-support@kermit-project.org






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []