[Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]]
Darren J Moffat
Darren.Moffat at sun.com
Tue Jul 17 05:42:38 PDT 2007
Shawn M. Emery wrote:
>> I think that setting up pam.conf to do one of the normal Kerberos
>> configurations is a key part of this project.
>>
>> My recommendation is that the kclient interface be quite high level eg:
>>
>> As per the pam_krb5(5) examples: first, only, optional are the
>> keywords here.
>
> I don't think the pam_krb5 examples are comprehensive enough. I may
> wish to authenticate through Kerberos _and_ through other additional
> modules.
You don't need to provide every possible combination just the ones we
believe are the commonly used ones. For anything else pam.conf is still
an end admin editable policy file. I think the common ways of using
pam_krb5 are the ones listed in the current pam_krb5(5) man page and
would be a good start for kclient(1) to support.
--
Darren J Moffat
More information about the opensolaris-arc
mailing list