[Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]]
Shawn M. Emery
Shawn.Emery at sun.com
Tue Jul 17 09:46:13 PDT 2007
Darren J Moffat wrote:
> Shawn M. Emery wrote:
>>> I think that setting up pam.conf to do one of the normal Kerberos
>>> configurations is a key part of this project.
>>>
>>> My recommendation is that the kclient interface be quite high level eg:
>>>
>>> As per the pam_krb5(5) examples: first, only, optional are the
>>> keywords here.
>>
>> I don't think the pam_krb5 examples are comprehensive enough. I may
>> wish to authenticate through Kerberos _and_ through other additional
>> modules.
>
> You don't need to provide every possible combination just the ones we
> believe are the commonly used ones. For anything else pam.conf is
> still an end admin editable policy file. I think the common ways of
> using pam_krb5 are the ones listed in the current pam_krb5(5) man page
> and would be a good start for kclient(1) to support.
Ok, I'll leave "and" out if everyone one is happy with the current set:
first
only
optional
What if the qualifier is left out? "first" or fail?
Shawn.
--
More information about the opensolaris-arc
mailing list