[19753] in Kerberos
Re: which krb5 PAM module on Solaris 8?
daemon@ATHENA.MIT.EDU (Jason Prondak)
Sun Aug 3 22:59:04 2003
Date: Sun, 3 Aug 2003 22:09:50 -0400 (EDT)
From: Jason Prondak <jprondak@visualmedia.com>
To: =?ISO-8859-1?Q?G=C1L_Bal=E1zs?= <balsa@rit.bme.hu>
In-Reply-To: <3F2AA269.4000105@rit.bme.hu>
Message-ID: <Pine.LNX.4.44.0308032156170.31791-100000@u1055693.ul.warwick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
cc: kerberos@mit.edu
cc: Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu>
Errors-To: kerberos-bounces@mit.edu
There is also the pam_krb5 module under the PAM project @ sf.net which was
tested heavily under solaris.
http://sourceforge.net/projects/pam/ (Check the CVS tree)
The pam module there was the work of Nicolas Williams, Jacques A.
Vidrine, Steve Langasek, Frank Cusack and a little of myself. It was based
on Frank Cusack initial pam_krb5 module. I impertiticulary am using it
under Solaris 2.6 since the vendor supplied pam_krb5 module that was
available at the time was to be desired. :) But the pam_krb5 module now
supplied with Solaris 8 and 9 is a better choice to use now. After filing
a few bug reports and having them fixed, everything is working fine,
eveh the passwd expiration problems that we had in Solaris 2.6. I
would hands down use the SUN PAM module now. We are in the process of
going to a stock SUN PAM/kerberos client install (minus kadmin of course
). And everything seems to work perfect right now.
As for the ldap stuff. Why not the pam_ldap supplied by SUN?
--jason
On Fri, 1 Aug 2003, GÁL Balázs wrote:
> Tim Mooney írta:
> > All-
> >
> > I'm looking for recommendations on which krb5 PAM module I should use
> > on a sparc box I'll be reinstalling with Solaris 2.8 in a couple weeks.
>
> pam-krb5.sf.net. This is an enhanced version of RedHat's pam_krb5.
> I will release rc8 in this weekend, it will contains many workarounds
> for the solaris pam implementation, so I recommend it.
>
> > I do understand the implications of using a krb5 PAM module to
> > authenticate services like telnet.
> >
> > I need a source-available module (so the stuff that's part of SEAM isn't
> > going to do it for me, I don't think), because I need to hack in some
> > calls to ldap, to check for authorization.
>
> Why dont use unix groups for authorization? There are few pam module now
> which implement authorization based on unix groups.
>
> balsa
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
