Re: pamifying kerberos servers

On Mon, May 07, 2001 at 02:15:32PM +1000, Bob Smart wrote:
> The problem is that the kerberos servers (such as kshd and 
> replacements for telnetd and ftpd) are I think not PAMified, 
> so installing kerberos can be a backward step in server 
> functionality. Is anyone working on this?

Only talking...

I've thought some about moving telnetd's -a option handling to
login/PAM, based on a gross thing that Sun's SEAM does :)

Essentially:

 - telnetd execs /bin/login with arguments --pam-service XYZ [<username>]

 - the "telnet" PAM service works as usual

 - the "ktelnet" PAM service has a PAM module that re-creates the ccache
   (if any) containing forwarded creds and/or returns PAM_SUCCESS.

 - telnetd chooses the PAM service according to whether the authenticated
   principal has access to the requested account (krb5_kuserok())


> Bob
> 

Cheers,

Nico
--
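
Added example, not part of the original message and not code from any telnetd: a C sketch of the service selection described above, building the argument vector telnetd would exec. `--pam-service` is the option proposed in the message, not an existing login flag; the `kuserok_fn` callback stands in for krb5_kuserok() so the sketch builds without libkrb5, and `build_login_argv`, `valid_luser` and `demo_kuserok` are hypothetical names. The username check is an added assumption: the name arrives from the client and ends up on login's command line, so it must not be parseable as an option.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for krb5_kuserok(): nonzero when the authenticated principal
 * may access the local account. Assumption: a real telnetd calls libkrb5. */
typedef int (*kuserok_fn)(const char *principal, const char *luser);

/* Constructed sample policy: alice@EXAMPLE.ORG may log in as "alice" only. */
int demo_kuserok(const char *principal, const char *luser)
{
    return strcmp(principal, "alice@EXAMPLE.ORG") == 0 &&
           strcmp(luser, "alice") == 0;
}

/* Added hardening, not in the message: accept only short names from a
 * conservative character set that do not start with '-', so login cannot
 * mistake the client-supplied username for one of its own options. */
static int valid_luser(const char *u)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz0123456789_.-";
    size_t n = strlen(u);
    return n > 0 && n <= 32 && u[0] != '-' && strspn(u, ok) == n;
}

/* Fill argv (5 slots) for exec of /bin/login. principal is NULL when no
 * Kerberos authentication took place; luser is NULL when the client sent
 * no username. Returns argc, or -1 if the username is rejected. */
int build_login_argv(const char *principal, const char *luser,
                     kuserok_fn kuserok, const char *argv[5])
{
    int n = 0;
    const char *service = "telnet";   /* default: the usual PAM stack */

    if (luser != NULL && !valid_luser(luser))
        return -1;
    /* "ktelnet" only when the principal is authorized for this account. */
    if (principal != NULL && luser != NULL && kuserok(principal, luser))
        service = "ktelnet";

    argv[n++] = "login";
    argv[n++] = "--pam-service";      /* option proposed in the message */
    argv[n++] = service;
    if (luser != NULL)
        argv[n++] = luser;
    argv[n] = NULL;
    return n;
}
```

An authenticated principal that fails the authorization check falls back to the "telnet" service, so the account's normal PAM stack still applies.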




