[19775] in Kerberos
Re: apache & Kerberos
daemon@ATHENA.MIT.EDU (John Rudd)
Wed Aug 6 18:16:00 2003
Message-ID: <3F317A4C.9F679F8E@ucsc.edu>
Date: Wed, 06 Aug 2003 14:59:40 -0700
From: John Rudd <jrudd@ucsc.edu>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
Frank Cusack wrote:
>
> On Tue, 5 Aug 2003 16:40:22 +0000 (UTC) hartmans@mit.edu (Sam Hartman) wrote:
> > It seems kind of unfortunate that you're combining these two modules.
> > It seems that I'd really rather use PAM or pubcookie for my password
> > auth and then GSS-based stuff for native Kerberos.
>
> At the risk of just doing a 'me too', I agree. These should be different
> modules. They do completely different things.
>
I'll provide a dissenting opinion.
I've had many problems with PAM modules here (under Solaris 8). Having
a setup with an application or server/service that can handle something
like username+password authentication against an external authentication
service, while the underlying OS remains completely ignorant, is not
just "fine with me", it is an attractive feature. Here, they're grouped
by relevence to kerberos as the external authentication service, whether
it's auth via kerb ticket or auth via kerb principle+passphrase.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
