[Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]]

[Wyllys Ingersoll]

Gary Winiger wrote:
>>> Following diff shows:
>>>
>>> 1. revised -s text
>>>       
>>> --s pam_service: where pam_service is the service name to be configured for
>>> -	Kerberos authentication in the pam.conf(4) file
>>> --t: configure a simple broadcast/multicast NTP client
>>> +-s pam_service:{first | only | optional}[,...]
>>> +	where pam_service is the service name to be configured for
>>> +	Kerberos as the account authority in the pam.conf(4) file
>>> +	first: try authenticating through Kerberos first, if this fails try to
>>> +		authenticate through Unix
>>> +	only: only try to authenticate through Kerberos
>>> +	optional: try authenticating through Unix first, if this is successful
>>> +		try to authenticate through Kerberos
>>> +	multiple services can be delimited by commas (",")
>>> +
>>> +	Three files will be installed with this project under /etc/security/pam:
>>> +		pam_krb5_first
>>> +		pam_krb5_only
>>> +		pam_krb5_optional
>>> +	These files pertain to the "include" references in pam.conf when the -s
>>> +	option has been used for any service names specified.	
>>>       
>> 	Please install the files to "include" in the default place defined
>> 	in PSARC/2005/217 PAM include control flag.  That is:
>> 	included PAM configuration
>> 	files are assumed to be relative to /usr/lib/security/.
>>
>> 	Then absolute paths will not be required in "master" pam.conf.
>>     
>
> 	Can we close on this issue from 2 weeks ago?
>
> Gary..
>   

I agree, I meant to email about this but forgot to get to it before I 
left on vacation
last week.    Lets try to come to agreement before tomorrow so we can 
approve it and be
done with the PSARC part.

-Wyllys