Re: ITP Heimdal (Kerberos 5)

To: debian-devel@lists.debian.org
Subject: Re: ITP Heimdal (Kerberos 5)
From: Brian May <bam@debian.org>
Date: 26 Dec 1999 10:32:03 +1100
Message-id: <[🔎] 84so0qmwb0.fsf@snoopy.apana.org.au>
In-reply-to: md@linux.it's message of "25 Dec 99 16:34:20 GMT"
References: <[🔎] 847li4rnf6.fsf@snoopy.apana.org.au> <[🔎] 19991225173420.B957@wonderland.linux.it>

>>>>> "Marco" == Marco d'Itri <md@linux.it> writes:

    Marco> On Dec 24, Brian May <bam@debian.org> wrote:
    >> Heimdal comes with a PAM module, too, however, I haven't worked
    Marco> Then do we really need the servers like telnetd?  Using pam
    Marco> would be much nicer.

True Kerberos authentication requires cooperation both from the client
and server (except for local logins via /bin/login). The client needs
to submit its ticket to the server, instead of the user manually
entering a password.

I am remain unconvinced that PAM can do this. I think you need to use
GSSAPI for this, but so far I don't know of any other Debian packages
that use GSSAPI. Some Heimdal packages use GSSAPI (eg ftp). Most
however, talk to Kerberos directly. In theory, it should be possible
to implement GSSAPI for any security protocol you can think of, both
in the client and the server.

-- 
Brian May <bam@debian.org>

Reply to:

References:
- Re: ITP Heimdal (Kerberos 5)
  - From: Brian May <bam@debian.org>
- Re: ITP Heimdal (Kerberos 5)
  - From: md@linux.it (Marco d'Itri)

Prev by Date: Re: Quake is GPL
Next by Date: Quake in Germany - not illegal?
Previous by thread: Re: ITP Heimdal (Kerberos 5)
Next by thread: Re: ITP Heimdal (Kerberos 5)
Index(es):
- Date
- Thread