Simon Josefsson <[EMAIL PROTECTED]> writes: > It may be possible to implement a PAM module that calls GSS-API > functions to perform the host login, but I don't recall seeing anyone > doing that. For example, while I don't really know for sure, I think > that all the Kerberos 5 PAM modules use native krb5 APIs instead of > GSS-API. Your security architecture is equivalent to krb5 from this > conceptual point of view.
So far as I can tell, it's not possible to obtain initial credentials with a password purely through the GSS-API. I only see gss_acquire_cred, which isn't sufficient. So yes, I'm fairly sure that all Kerberos PAM modules use native Kerberos calls. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> _______________________________________________ Help-gss mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gss
