[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: KerberosV

On 10 Jun 1999, Greg Stark wrote:

> Matt Kern <mwk20@cam.ac.uk> writes:
> > In line with normal KerberosV installations I am planning on installing
> > kerberised versions of rsh, rcp, rlogin, ftp and telnet in /usr/bin.  The
> > kerberos packages will conflict with telnet and divert the netstd packages
> > to binary.netstd (which the kerberised versions will use as a fallback).
> >
> > Does anyone have any objections to this scheme or any suggestions as to
> > how it may be improved?
> When I did the kerberos 4 packages I had them use a prefix of k. Actually I
> used a transform of s/^k?/k/ Ie, prefix a k if there isn't a k prefix already.
> This means they install as ktelnet, krsh, krcp, etc. 
> I am wary of using diversions because several packages might divert things
> like telnet, rlogin, etc. diversions work best if it's really a unique
> situation, not when there are multiple packages that provide the same thing.
> Ideally we would have you install k5telnet k5rlogin etc, I would install
> k4telnet k4rlogin, etc, and we would use alternatives to allow the user to
> choose which would be the default telnet and rlogin. But this requires
> cooperation from the netstd package. 

I've not seen all of this thread (being deprived of email at work for a
a fair bit), but IMNSHO, the ideal solution would be to create/find a
PAM module for KerberosV - *AND* making sure that the desired apps 
are PAMified...

After all, PAM is a release goal, and work done this way for KerberosV
will also aid those that want the same functionality for LDAP, SMB, or
any other form of authentication 

Rick Nelson

Reply to: