OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: Re: Kerberos integration into ports-

Re: Kerberos integration into ports--in particular, SSH

Mike Nowlin (mikeargos.org)
Sat, 23 Oct 1999 04:31:28 -0400 (EDT)

> It looks like many ports still don't use PAM for authentication. This is
> not something I have time to address, it's just a comment that it would be
> nice if now that we have PAM, things used PAM :-). Also, it's a little
> funky to have an /etc/auth.conf and a /etc/pam.conf -- auth.conf seems
> only to affect su?

It seems that a lot of the system still doesn't use PAM for auth... A
quick grep of ftpd (a recent pamifying project) returns:

twikki:/usr/src/libexec/ftpd$ grep -i pam *
Makefile:.PATH: ${.CURDIR}/../../lib/libpam/modules/pam_kerberosIV

We developed some changes to ftpd to support PAM (haven't submitted them
yet -- a couple of quirks to work out), but I'm sure a lot of the system
doesn't handle it yet.

Is there a doc somewhere which gets into this, or does one need to be
written? We're trying to handle security through a PAM/(PostgreSQL|MySQL)
interface as much as possible, so we're willing to do a bit of fixing if
necessary.

--mike

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

This archive was generated by hypermail 2.0b3 on Sat Oct 23 1999 - 03:30:55 CDT