[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pam and kerberos + xlock on Debian

So, you can't really do this securely without having read access to
/etc/krb5.keytab.  The problem is that  you cannot verify the TGT  you get back so someone could be spoofing your Kerberos session.  

If you are willing to ignore that, it should be possible to make the
code work; open a wishlist bug against libpam-krb5 that it should
consider permission denied reading the keytab to be equivelent to no
keytab present.

Reply to: