Re: [OpenAFS] home on afs woes

2006-01-13 Thread Sergio Gelato
* Juha Jäykkä [2006-01-13 09:05:09 +0200]:
> As what comes to kinit, its not setting the pag is a surprise to me after
> all the praise of Heimdal's supposedly good integration with AFS.
Sometimes you want to start a new PAG, and sometimes you want to add or refresh credentials in your current PA

Re: [OpenAFS] home on afs woes

2006-01-13 Thread Douglas E. Engert
Juha Jäykkä wrote: It and its friends can be found at ftp://achilles.ctd.anl.gov/pub/DEE pam_afs2-0.1.tar gafstoken-0.3.tar gssklog-0.11.tar This is the beast I was referring to. I'm sorry I was too lazy to check who created it and properly credit you. The design goals of all of this was

Re: [OpenAFS] home on afs woes

2006-01-13 Thread Russ Allbery
Sergio Gelato <[EMAIL PROTECTED]> writes:
> I also like it that Heimdal's pagsh (kpagsh, in Debian) will generate a
> new KRB5CCNAME, so that a subsequent kinit will not clobber the Kerberos
> ccache of the parent process. OpenAFS's pagsh shouldn't (and doesn't) do
> that since OpenAFS tries to be

Re: [OpenAFS] home on afs woes

2006-01-13 Thread Juha Jäykkä
> I would like to see the OpenAFS people pick this up and distribute the
> pam_afs2 or its equivalent with OpenAFS, as it is only used by AFS. The
> discussions on the list lately are headed this way.
I support that idea. It is the only pam module which does things the Right Way(tm). I did some te

Re: [OpenAFS] home on afs woes

2006-01-13 Thread Douglas E. Engert
Juha Jäykkä wrote: I would like to see the OpenAFS people pick this up and distribute the pam_afs2 or its equivalent with OpenAFS, as it is only used by AFS. The discussions on the list lately are headed this way. I support that idea. It is the only pam module which does things the Right Wa

Re: [OpenAFS] home on afs woes

2006-01-13 Thread Russ Allbery
Juha Jäykkä <[EMAIL PROTECTED]> writes:
> Debian's pam_krb5.so (where does this originate from?)
http://www.squishy.cc/software/pam-krb5/
> Will leak tokens (not create a PAG) when authenticating with pubkey
This isn't a problem that pam-krb5 should be solving; instead, it should be dealt with

Re: [OpenAFS] home on afs woes

2006-01-13 Thread Jeffrey Hutzelman
On Thursday, January 12, 2006 06:41:21 PM -0800 Russ Allbery <[EMAIL PROTECTED]> wrote: Jeffrey Hutzelman <[EMAIL PROTECTED]> writes: However, they do it that way not as part of some misguided attempt at "security", but because of the constraints imposed by the way their SSH protocol parse

Re: [OpenAFS] home on afs woes

2006-01-13 Thread Jeffrey Hutzelman
On Friday, January 13, 2006 11:00:14 AM -0800 Russ Allbery <[EMAIL PROTECTED]> wrote: Sergio Gelato <[EMAIL PROTECTED]> writes: I also like it that Heimdal's pagsh (kpagsh, in Debian) will generate a new KRB5CCNAME, so that a subsequent kinit will not clobber the Kerberos ccache of the par

Re: [OpenAFS] home on afs woes

2006-01-13 Thread zeroguy
On Fri, 13 Jan 2006 09:12:14 +0200 Juha Jäykkä <[EMAIL PROTECTED]> wrote: > > > I think that pam_krb5afs.so no longer exists, [...] > > pam_krb5afs exists at least in Debian for Heimdal clients. I have a few > > machines with Heimdal running it now, and it appears to work fine. > > And in which p

Re: [OpenAFS] home on afs woes

2006-01-13 Thread Russ Allbery
Jeffrey Hutzelman <[EMAIL PROTECTED]> writes:
> Those tools are deprecated, and IMHO a pagsh.krb5 would be
> inappropriate, unless we plan on shipping a complete suite of tools that
> manage krb5 tickets, as we did for krb4.
The problem is, pagsh.krb5 is a program that should alter both AFS and K