Re: PAM and Kerberos


 



> If we did not need to hack /bin/login to manage the credentials
> cache could we always use the default os /bin/login?

There's still one important hurdle -- using some OS means to restrict
access to the ccache.  As far as I can see at the moment, for a Joe
Unix system that means UID-based access or inheritance of a file
descriptor.  Somewhere between telnetd and the shell, some process is
going to have to set up that protection.  The /bin/login won't
leave a miscellaneous fd open, so are you ready to teach telnetd
about uids?  Peek at its descendant's uid through procfs???  Brrr.

				Matt 
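
The UID-based access option raised in the message above, as an added example that is not part of the original post or of any login or telnetd source: a privileged process creates the cache file for the target user, and a check confirms the protection held. The function names and the /tmp path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create the credentials cache so only `uid` can open it.
 * Returns an open fd, or -1 on error. */
int ccache_create_for_uid(const char *path, uid_t uid, gid_t gid)
{
    /* O_EXCL + O_NOFOLLOW: refuse a pre-created file or symlink at this path. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Fix the mode and hand the file to the user before credentials are written. */
    if (fchmod(fd, 0600) != 0 || fchown(fd, uid, gid) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Hypothetical check, run as the owner or root: 1 if `path` is a regular file
 * owned by `uid` with no group/other access and no extra hard links, else 0. */
int ccache_is_private(const char *path, uid_t uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return 0;
    int ok = fstat(fd, &st) == 0
          && S_ISREG(st.st_mode)
          && st.st_uid == uid
          && st.st_nlink == 1
          && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
    close(fd);
    return ok;
}

int main(void)
{
    char path[64];  /* constructed sample path, not a real ccache location */
    snprintf(path, sizeof path, "/tmp/ccache_demo_%ld", (long)getpid());
    int fd = ccache_create_for_uid(path, getuid(), getgid());
    if (fd >= 0)
        close(fd);
    printf("private: %d\n", ccache_is_private(path, getuid()));
    return unlink(path) != 0;
}
```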




