On Sun, 2001-11-18 at 13:15, Steve Langasek wrote: > Having worked extensively with pam_krb5 and the issues you describe, I > definitely believe this should be changed from a "can/should" to a > "must". The change will ultimately be driven by application writers who > need to support the complexities of Kerberos-like systems; I think more > and more applications are doing things the right way now, precisely > because of Kerberos. For portability sake, I should mention that Solaris 8's pam_krb5 has rather unique behavior. pam_authenticate updates the ccache, and pam_setcred with PAM_REINITIALIZE_CRED just dumps core. This is just the beginning of the troubles with pam_krb5 from Sun, though. I will try to refrain from off-topic rants about Sun's Kerberos code. Mike
