[Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]]
Shawn M. Emery
Shawn.Emery at sun.com
Thu Jul 19 08:30:21 PDT 2007
Gary Winiger wrote:
>> From Shawn.Emery at sun.com Tue Jul 17 19:27:11 2007
>> Date: Tue, 17 Jul 2007 20:22:37 -0600
>> From: "Shawn M. Emery" <Shawn.Emery at sun.com>
>> Subject: Re: [Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout
>> 07/13/2007]]
>> To: Gary Winiger <gww at eng.sun.com>
>> Cc: Darren.Moffat at sun.com, PSARC-ext at sun.com, wyllys at borg.sfbay.sun.com
>> Content-transfer-encoding: 7BIT
>> X-PMX-Version: 5.2.0.264296
>> User-Agent: Thunderbird 2.0.0.4 (Macintosh/20070604)
>>
>> Gary Winiger wrote:
>>
>>>> Ok, I'll leave "and" out if everyone one is happy with the current set:
>>>>
>>>> first
>>>> only
>>>> optional
>>>>
>>>> What if the qualifier is left out? "first" or fail?
>>>>
>>>>
>>> So, now I'm lost again. What's the spec that's under review?
>>>
>>>
>> -s service_name:{first | only | optional}
>>
>> On another topic, did we come to consensus on whether the -T option was
>> acceptable with the way I had originally specified?
>>
>
> I know the project team is occupied with other issues.
> I'd like to see an updated spec particularly relative to
> -s just so we're all on the same page.
>
> I'm guessing the project teams response to mean that it will ship
> 3 PAM stacks that can be (2005/217) included in the master
> pam.conf to provide a generic use Kerberos first and fall
> back on Unix if Kerberos isn't the user's account authority
> | Kerberos is the only account authority for users | try
> Unix first and then optionally Kerberos as an account authority.
>
> So, more time or waiting need spec.
>
Following diff shows:
1. revised -s text
2. kept the -T option with auto-detection as something to be considered
with more careful thought
3. dropped the -t option due to security concerns and conflicting mechanisms
Shawn.
--
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: kc2.op.1.diff
URL: <http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20070719/6328d020/attachment.ksh>
More information about the opensolaris-arc
mailing list