
Re: PAM and Kerberos



> If we did not need to hack /bin/login to manage the credentials
> cache could we always use the default os /bin/login?

There's still one important hurdle -- using some OS means to restrict
access to the ccache.  As far as I can see at the moment, for a Joe
Unix system that means UID-based access or inheritance of a file
descriptor.  Somewhere between telnetd and the shell, some process is
going to have to set up that protection.  The /bin/login won't
leave a miscellaneous fd open, so are you ready to teach telnetd
about uids?  Peek at its descendant's uid through procfs???  Brrr.

				Matt 
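
The UID-based route named in the message above, sketched as an added example that is not part of the original post or of any Kerberos code: a privileged process creates the cache file owner-only and hands it to the session user, and a separate check confirms the protection held. The names `ccache_create` and `ccache_check`, the return codes and the sample path are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create the cache owner-only, then give it to the
 * session user. Returns an open fd or -1. Handing the file to a different
 * uid needs privilege, so a privileged process must run this step. */
int ccache_create(const char *path, uid_t owner, gid_t group)
{
    /* O_EXCL|O_NOFOLLOW: never reuse a pre-existing file or symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* fchmod/fchown act on the fd, so the path cannot be swapped under us. */
    if (fchmod(fd, 0600) != 0 || fchown(fd, owner, group) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Hypothetical audit check. 0 = protected; negative = why not. */
int ccache_check(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;                      /* missing or inaccessible path */
    if (!S_ISREG(st.st_mode))
        return -2;                      /* symlink, fifo, directory... */
    if (st.st_uid != owner)
        return -3;                      /* wrong owner */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -4;                      /* group/other can touch it */
    return 0;
}

int main(void)
{
    /* "/tmp/krb5cc_demo" is a constructed sample path. */
    int fd = ccache_create("/tmp/krb5cc_demo", geteuid(), getegid());
    printf("check: %d\n", ccache_check("/tmp/krb5cc_demo", geteuid()));
    if (fd >= 0) { close(fd); unlink("/tmp/krb5cc_demo"); }
    return 0;
}
```
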




