Hi,
I am looking for advice and feedback from the Kerberos community in relation to UNIX,
PAM and Kerberos. If you can provide me with some feedback based on your views and
experiences it would be very much appreciated.
It is clear that PAM is becoming a common way to provide pluggable authentication
services on UNIX or Linux operating systems. I am particularly interested in PAM for
authorisation and wanted to hear from you about this. If you can help me, please
provide feedback on the points listed below :
1. Do you, or the company you represent use Kerberos, or are you considering using
Kerberos with PAM for authorisation, authentication, or both authentication and
authorisation.
Note: Currently PAM with Kerberos can be used for authentication so that login to the
operating system directly at console, or via telnet can be handled consistently. The
use of PAM for authorisation would involve checking .k5login files in home directories
and/or using an aname database on each system, or perhaps some other form of mechanism.
2. If you are using, or considering using PAM for authorisation I would like to hear
if you using it with .k5login files, or checking authorisation via an LDAP lookup, or
some other method. Can you provide details of your usage, or intended usage of PAM for
authorisation ?
3. Do you have any GSS-API enabled applications, or any Kerberos enabled applications
that accept a security context to determine the users principal name and then use PAM
for authorisation, or do you have any applications that you would like have enabled in
this way ?
Many thanks in advance for your help,
Tim Alsop
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
