
General query about flow of calls & specific query about RedHat pam_krb

I'm interested in the possibility of a kerberised NFSv4 for Linux.

We already use pam_krb for logging in, but I'm interested in the "gssd"
approach that the experimental NFSv4 client uses. Basically, someone logs in
- they supply their password and pam_krb obtains a ticket. Presumably you
need another pam module in the stack to pass the ticket to the gssd before
anything in their home directory is touched.

(RedHat specific) Later, the pam_krb module converts the ticket from a
memory to a file-based one, and presumably the pam_gssd_register module
would have to be called again immediately after.

So, this brings me to the first question: For both a tty and non-tty
application, what should be the flow of calls to PAM to provide full access?
i.e. what gets called when, with what uid/gids?

Secondly, a hypothetical SSH that supports Kerberos (or the kerberised
telnet that would actually work) would not need to call the auth part of the
pam stack. For such apps, tty and non-tty, what would be the appropriate
call flow?


| Phil Mayers, Network Support     |
| Centre for Computing Services    |
| Imperial College                 |
