Re: pam and kerberos + xlock on Debian

To: Martin Povolny <xpovolny@aurora.fi.muni.cz>
Cc: debian-kerberos@mekinok.com, debian-devel@lists.debian.org
Subject: Re: pam and kerberos + xlock on Debian
From: Sam Hartman <hartmans@debian.org>
Date: 16 Nov 2001 09:27:49 -0500
Message-id: <[🔎] tslbsi2pz8a.fsf@loggerhead.mekinok.com>
In-reply-to: <[🔎] 20011116111519.A23417@aurora.fi.muni.cz>
References: <[🔎] 20011116111519.A23417@aurora.fi.muni.cz>

So, you can't really do this securely without having read access to
/etc/krb5.keytab.  The problem is that  you cannot verify the TGT  you get back so someone could be spoofing your Kerberos session.  

If you are willing to ignore that, it should be possible to make the
code work; open a wishlist bug against libpam-krb5 that it should
consider permission denied reading the keytab to be equivelent to no
keytab present.

Reply to:

Follow-Ups:
- Re: pam and kerberos + xlock on Debian
  - From: Martin Povolny <xpovolny@aurora.fi.muni.cz>
- Re: pam and kerberos + xlock on Debian
  - From: Marcel Kolaja <xkolaja@aurora.fi.muni.cz>

References:
- pam and kerberos + xlock on Debian
  - From: Martin Povolny <xpovolny@aurora.fi.muni.cz>

Prev by Date: Re: The Second Great Spelling Check (Re: Package descriptions and making them better)
Next by Date: Re: The Second Great Spelling Check (Re: Package descriptions and making them better)
Previous by thread: pam and kerberos + xlock on Debian
Next by thread: Re: pam and kerberos + xlock on Debian
Index(es):
- Date
- Thread