OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: Kerberos integration into ports--in

Kerberos integration into ports--in particular, SSH

Robert Watson (robertcyrus.watson.org)
Thu, 21 Oct 1999 10:44:21 -0400 (EDT)

It looks like many ports still don't use PAM for authentication. This is
not something I have time to address, it's just a comment that it would be
nice if now that we have PAM, things used PAM :-). Also, it's a little
funky to have an /etc/auth.conf and a /etc/pam.conf -- auth.conf seems
only to affect su?

The real gist of my email is that I'd like to see the K4 patches
incorporated into the SSH port when the user has K4 enabled into
/etc/make.conf, or if they give a particular command line argument. The
SSH K4 patches (with AFS, etc) are found at:

http://www.monkey.org/~dugsong/ssh-afs/

The 1.2.27 patch applies cleanly and easily over 1.2.27, although it seems
not to be compatible with our local patches in the ports tree--I assume
just includes and weird things with the patches covering the same area,
but I haven't checked. To enable K4 support, you just do --with-krb4 on
configure, and it works. This adds support for authenticating logins
using passed authenticators, ticket-passing with AFS, autologin using
.klogin as with rsh, etc. Very convenient. :-)

I suppose the ideal solution is we go to K5 sometime soon and then the
support is built-in?

  Robert N M Watson

robertfledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

This archive was generated by hypermail 2.0b3 on Thu Oct 21 1999 - 09:43:41 CDT