From owner-freebsd-hackers  Tue Aug 17 14:53:44 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99])
	by hub.freebsd.org (Postfix) with ESMTP
	id 514F2157FF; Tue, 17 Aug 1999 14:53:30 -0700 (PDT)
	(envelope-from winter@jurai.net)
Received: from localhost (winter@localhost)
	by sasami.jurai.net (8.8.8/8.8.7) with ESMTP id RAA01181;
	Tue, 17 Aug 1999 17:53:58 -0400 (EDT)
Date: Tue, 17 Aug 1999 17:53:57 -0400 (EDT)
From: "Matthew N. Dodd" <winter@jurai.net>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: Mark Murray <mark@grondar.za>, freebsd-hackers@FreeBSD.ORG
Subject: Re: Kerberos 5 integration. 
In-Reply-To: <Pine.BSF.4.10.9908171343310.77803-100000@hub.freebsd.org>
Message-ID: <Pine.BSF.4.10.9908171748020.4840-100000@sasami.jurai.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 17 Aug 1999, Kris Kennaway wrote:
> On Tue, 17 Aug 1999, Matthew N. Dodd wrote:
> > I'm pretty sure there is a kerberos5 pam module floating around
> > somewhere...
> 
> ftp://ftp.dementia.org/pub/pam/
> http://www-personal.engin.umich.edu/~itoi/
> 
> Both referenced from
> http://www.us.kernel.org/pub/linux/libs/pam/modules.html

Already found that.  :)

I'm still a bit confused about PAM though.  While it is possible to do
what kinit does and verify a password, the real reason we like kerberos is
because we don't have to enter passwords; we get a ticket and the server
verifies that the ticket is valid.  How exactly does this fit in the PAM
model?

-- 
| Matthew N. Dodd  | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD  |
| winter@jurai.net |       2 x '84 Volvo 245DL        | ix86,sparc,pmax |
| http://www.jurai.net/~winter | This Space For Rent  | ISO8802.5 4ever |



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message