Re: pam and kerberos + xlock on Debian
>>>>> "Marcel" == Marcel Kolaja <xkolaja@aurora.fi.muni.cz> writes:
Marcel> On Fri, Nov 16, 2001 at 09:27:49AM -0500, Sam Hartman
Marcel> wrote:
>> So, you can't really do this securely without having read
>> access to /etc/krb5.keytab. The problem is that you cannot
>> verify the TGT you
Marcel> But we have no /etc/krb5.keytab (and I don't know what in
Marcel> this file should be -- there is nothing about it in any
Marcel> documentation I have read, i.e. man pages and
Marcel> /usr/share/doc). What should be in this file?
As no one else has yet replied...
This is a file that only the administrator of your KDC can install.
It contains private keys that are also contained in the KDC. For more
information, please read any beginners guide to Kerberos.
Marcel> There is installed potato on most of our computers but we
Marcel> have also woody installed on some machines. On both types
Marcel> of systems we have installed Kerberos from woody. We tried
Marcel> to temporarily solve our problem with setting suid bit on
Marcel> the xlock binary. Then the authentication with Kerberos
Marcel> works fine on potato installed machines but it does not
Marcel> work on woody. So we tried to install xlockmore-gl from
Marcel> potato (ver. 4.15-10) on woody but it took no effect. The
Marcel> authentication does not work. Don't you have any idea how
Marcel> to make it work?
It sounds like it is not possible without making changes to the source
code (from what I have read).
--
Brian May <bam@debian.org>
Reply to: