[Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]]
Gary Winiger
gww at eng.sun.com
Fri Jul 13 10:09:27 PDT 2007
> > Maybe this project should be using PSARC 2005/217 and delivering one
> > of more include files that have the different recommended ways of
> > using pam_krb5.
That would indeed be a useful addition to kclient and IMO,
a good way to implement -s. Here is a preconfigured kerberos
pam stack. -s adds to the existing pam.conf
<service> auth include <preconfigured krb5 pam stack>
<service> account include <preconfigured krb5 pam stack>
<service> session include <preconfigured krb5 pam stack>
<service> passwd include <preconfigured krb5 pam stack>
> Given the complexity of the interface necessary to do this and the
> difficulty to represent all customer environments I will drop the -s
> option from kclient.
Sigh, don't give up yet. Indeed Kerberos was one of the reasons
for doing the include control flag. Then you never have to screw
around with i.pamconf. Seems like a great win all the way around.
Darren, thanks for the refreshing suggestion. I'd even be happy
to do the libpam backport should kclient -s be backported ;-)
Gary..
More information about the opensolaris-arc
mailing list