Re: pam and kerberos + xlock on Debian

[Brian May <bam@debian.org>]

>>>>> "Marcel" == Marcel Kolaja <xkolaja@aurora.fi.muni.cz> writes:

    Marcel> On Fri, Nov 16, 2001 at 09:27:49AM -0500, Sam Hartman
    Marcel> wrote:
    >> So, you can't really do this securely without having read
    >> access to /etc/krb5.keytab.  The problem is that you cannot
    >> verify the TGT you

    Marcel> But we have no /etc/krb5.keytab (and I don't know what in
    Marcel> this file should be -- there is nothing about it in any
    Marcel> documentation I have read, i.e. man pages and
    Marcel> /usr/share/doc). What should be in this file?

As no one else has yet replied...

This is a file that only the administrator of your KDC can install.
It contains private keys that are also contained in the KDC. For more
information, please read any beginners guide to Kerberos.

    Marcel> There is installed potato on most of our computers but we
    Marcel> have also woody installed on some machines. On both types
    Marcel> of systems we have installed Kerberos from woody. We tried
    Marcel> to temporarily solve our problem with setting suid bit on
    Marcel> the xlock binary. Then the authentication with Kerberos
    Marcel> works fine on potato installed machines but it does not
    Marcel> work on woody. So we tried to install xlockmore-gl from
    Marcel> potato (ver. 4.15-10) on woody but it took no effect. The
    Marcel> authentication does not work. Don't you have any idea how
    Marcel> to make it work?

It sounds like it is not possible without making changes to the source
code (from what I have read).
-- 
Brian May <bam@debian.org>