[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos



> > So? If you're forwarding a TGT why would you then run kinit?
> 
> I was going to say "kinit -R", but that doesn't seem to have made me
> a new ccache file.
> 
> gungnir 325% ls -li $KRB5CCNAME
>    20 -rw-------   1 crawdad  dcg         1801 Aug 15 09:43 /tmp/krb5cc_console
> gungnir 326% kinit -R
> gungnir 327% ls -li $KRB5CCNAME
>    20 -rw-------   1 crawdad  dcg          905 Aug 15 13:39 /tmp/krb5cc_console
> 
> 
> Anyway, i think it'll be great to have telnet able to forward a later
> credential.  That's one more thing I can cross off my "round tuit"
> list.  I've been copying newer ccache's across with rsh, which is
> cumbersome, but at least I seldom need it.
> 
> A really whizzo function would be the ability not to forward your
> TGT, but to trap accesses to your remote ccache and get your local
> host to do the TGS_REQ when needed and send back the needed cred.
> Some sort of IPC: ccache type could do this without violence to the
> applications.
> 				Matt Crawford
> 

This is the functionality that Nico has been arguing for as well.  I
can do this if we implement some kind of memory or IPC based cache
that could be implemented within the telnetd.  That would solve many
of our problems.

If we did not need to hack /bin/login to manage the credentials cache
could we always use the default os /bin/login?



                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * kermit-support@kermit-project.org






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []