
RE: ITP: pam-krb5



On Thu, 16 Nov 2000, Sean 'Shaleh' Perry wrote:

> > 
> > Not when using kerberized telnet, because krb telnet authenticates using the
> > Kerberos protocol.  The issue is specific to using something like pam-krb5 to
> > do Kerberos authentication behind the scenes, without any true Kerberos
> > support in the application.  OTOH, if you were to telnet from your local
> > machine and /then/ run 'kinit' to get a ticket, you would obviously have the
> > same problem because you're typing the password cleartext across the network.

> I fail to see why the pam module can not do the equiv of kinit (thanks I
> forgot the command name).

pam-krb5 does exactly the same thing as kinit, which is precisely why it
should not be used for authenticating network services, because in the
Kerberos model kinit should only ever be run on the user's local machine.

Steve Langasek
postmodern programmer


