Re: pam_krb5 for AIX

2011-07-15 Thread Russ Allbery
Sonja Benz writes: > Pure authentication is what I need, ticket cache is not needed. It should already do what you want, then. If your application calls pam_setcred (despite not needing a ticket cache), which happens some times, you can set no_ccache as a PAM option, and that will force pam_set

Re: pam_krb5 for AIX

2011-07-15 Thread Sonja Benz
Pure authentication is what I need, ticket cache is not needed. Sonja From: Russ Allbery To: Sonja Benz/Germany/IBM@IBMDE Cc: kerberos@mit.edu Date: 07/15/2011 10:15 PM Subject: Re: pam_krb5 for AIX Sonja Benz writes: > It allows user logins for user not known to the local host. In

Re: pam_krb5 for AIX

2011-07-15 Thread Markus Moeller
/IBM@IBMDE Cc: kerberos@mit.edu Date: 07/15/2011 09:50 PM Subject: Re: pam_krb5 for AIX Sonja Benz writes: > That's great. We need a pam_krb5 which supports an option like > "no_user_check". I guess, yours does not? What does that option do? -- Russ Allbery (r...@

Re: pam_krb5 for AIX

2011-07-15 Thread Russ Allbery
Sonja Benz writes: > It allows user logins for user not known to the local host. In our case > we want to use Kerberos as a kind of central and secure storage for user > passwords. The user is able to authenticate via pam_krb5, but will gain > host access for another identity / role. Thanks! If

Re: pam_krb5 for AIX

2011-07-15 Thread Sonja Benz
in order to avoid allowing the user?s password to be eavesdropped. Sonja From: Russ Allbery To: Sonja Benz/Germany/IBM@IBMDE Cc: kerberos@mit.edu Date: 07/15/2011 09:50 PM Subject: Re: pam_krb5 for AIX Sonja Benz writes: > That's great. We need a pam_krb5 which sup

Re: pam_krb5 for AIX

2011-07-15 Thread Russ Allbery
Sonja Benz writes: > That's great. We need a pam_krb5 which supports an option like > "no_user_check". I guess, yours does not? What does that option do? -- Russ Allbery (r...@stanford.edu) Kerberos ma

Re: pam_krb5 for AIX

2011-07-15 Thread Sonja Benz
That's great. We need a pam_krb5 which supports an option like "no_user_check". I guess, yours does not? Sonja From: Russ Allbery To: Sonja Benz/Germany/IBM@IBMDE Cc: kerberos@mit.edu Date: 07/15/2011 07:21 AM Subject: Re: pam_krb5 for AIX Sonja Benz writes: > a nee

Re: pam_krb5 for AIX

2011-07-14 Thread Russ Allbery
Sonja Benz writes: > a need pam_krb5 for AIX. Since AIX seems be special and a bit tricky if > porting pam_krb5, I appriciate your advice: We do not necessarily need > the newest package. A secure and easy to port one would be nice. The > usage of pam_ldap will be limited in a way, w

pam_krb5 for AIX

2011-07-14 Thread Sonja Benz
Hi, a need pam_krb5 for AIX. Since AIX seems be special and a bit tricky if porting pam_krb5, I appriciate your advice: We do not necessarily need the newest package. A secure and easy to port one would be nice. The usage of pam_ldap will be limited in a way, where it will be dynamically called