Re: KerberosV
On 10 Jun 1999, Greg Stark wrote:
>
> Matt Kern <mwk20@cam.ac.uk> writes:
>
> > In line with normal KerberosV installations I am planning on installing
> > kerberised versions of rsh, rcp, rlogin, ftp and telnet in /usr/bin. The
> > kerberos packages will conflict with telnet and divert the netstd packages
> > to binary.netstd (which the kerberised versions will use as a fallback).
> >
> > Does anyone have any objections to this scheme or any suggestions as to
> > how it may be improved?
>
> When I did the kerberos 4 packages I had them use a prefix of k. Actually I
> used a transform of s/^k?/k/ Ie, prefix a k if there isn't a k prefix already.
> This means they install as ktelnet, krsh, krcp, etc.
>
> I am wary of using diversions because several packages might divert things
> like telnet, rlogin, etc. diversions work best if it's really a unique
> situation, not when there are multiple packages that provide the same thing.
>
> Ideally we would have you install k5telnet k5rlogin etc, I would install
> k4telnet k4rlogin, etc, and we would use alternatives to allow the user to
> choose which would be the default telnet and rlogin. But this requires
> cooperation from the netstd package.
I've not seen all of this thread (being deprived of email at work for a
a fair bit), but IMNSHO, the ideal solution would be to create/find a
PAM module for KerberosV - *AND* making sure that the desired apps
are PAMified...
After all, PAM is a release goal, and work done this way for KerberosV
will also aid those that want the same functionality for LDAP, SMB, or
any other form of authentication
--
Rick Nelson
C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Reply to: