Charles Hedrick <hedr...@rutgers.edu> writes: > This is a client-server pair designed to create home directories for > users. When you’re using kerberized NFS the normal pam_mkhomedir won’t > work, because it assumes that root can create directories in the file > system. With kerberized NFS, root has no special privileges. So we have > a pam_kmkhomedir that calls a process on the file server to do the > creation.
> If I were doing it again, I’d probably write it using GSSAPI rather than > a basic Kerberos client / server. Then I could write the server as a web > service in python and use libcurl on the client side. Unfortunately it > doesn’t seem to be practical to write a pam module in anything other > than C, but with libcurl all the GSSAPi stuff is handled by the > library. If the client isn’t a pam module, it’s easy enough to write a > GSSAPI client in python. (I can give you example client-server if you > need it.) You may also be interested in remctl, which is designed to do this sort of thing. https://www.eyrie.org/~eagle/software/remctl/ -- Russ Allbery (ea...@eyrie.org) <https://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
