[19755] in Kerberos
RE: which krb5 PAM module on Solaris 8?
daemon@ATHENA.MIT.EDU (Tim Alsop)
Mon Aug 4 12:15:15 2003
Message-ID: <815D636CDFAAD611A2DA006097AC6157C60E58@blackanwhitecat.cybersafe.ltd.uk>
From: Tim Alsop <Tim.Alsop@CyberSafe.Ltd.UK>
To: Brian Davidson <bdavids1@gmu.edu>, kerberos@mit.edu
Date: Mon, 4 Aug 2003 17:06:03 +0100
MIME-Version: 1.0
Content-Type: text/plain
Errors-To: kerberos-bounces@mit.edu
Brian,
I agree with you. This is what I always recommend to clients.
Tim.
-----Original Message-----
From: Brian Davidson [mailto:bdavids1@gmu.edu]
Sent: 04 August 2003 16:47
To: kerberos@mit.edu
Subject: Re: which krb5 PAM module on Solaris 8?
Why not use nsswitch for authorization? I'm assuming it's available on Solaris since Sun developed it (I don't have any Solaris boxes at the moment). Basically all password file lookups are redirected to LDAP via nss_ldap. It seems to me that authentication is best left to PAM, while authorization is better handled by a hook into the system calls that are used for authorization (i.e. what nsswitch does).
Brian
On Sunday, August 3, 2003, at 10:09 PM, Jason Prondak wrote:
>
> As for the ldap stuff. Why not the pam_ldap supplied by SUN?
>
> --jason
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
