[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos



> > If we did not need to hack /bin/login to manage the credentials
> > cache could we always use the default os /bin/login?
> 
> There's still one important hurdle -- using some OS means to restrict
> access to the ccache.  As far as I can see at the moment, for a Joe
> Unix system that means UID-based access or inheritance of a file
> descriptor.  Somewhere between telnetd and the shell, some process is
> going to have to set up that protection.  The /bin/login won't
> leave a miscellaneous fd open, so are you ready to teach telnetd
> about uids?  Peek at its descendent's uid through procfs???  Brrr.
> 
> 				Matt 
> 

I'm not sure that I have much of a choice.  



                  Jeffrey Altman * Sr.Software Designer
                 The Kermit Project * Columbia University
               612 West 115th St * New York, NY * 10025 * USA
     http://www.kermit-project.org/ * kermit-support@kermit-project.org






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []