On Sun, 2001-11-18 at 13:15, Steve Langasek wrote:

> Having worked extensively with pam_krb5 and the issues you describe, I
> definitely believe this should be changed from a "can/should" to a
> "must". The change will ultimately be driven by application writers who
> need to support the complexities of Kerberos-like systems; I think more
> and more applications are doing things the right way now, precisely
> because of Kerberos.

For portability sake, I should mention that Solaris 8's pam_krb5 has
rather unique behavior. pam_authenticate updates the ccache, and
pam_setcred with PAM_REINITIALIZE_CRED just dumps core. This is just
the beginning of the troubles with pam_krb5 from Sun, though. I will
try to refrain from off-topic rants about Sun's Kerberos code.

Mike

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]