Hi, In the past, when I was running MIT krb5, I played around with a couple different PAM modules (Frank Cusack's and Naomaru Itoi [sp, sorry Itoi]) with mixed results. Does anyone know 1) whether those modules build against heimdal-dev 2) whether they work 3) whether they lack that security hole where they don't verify the TGT with the local host key, so bogus decryptable TGTs can get you unauthorised login if the answer to any of these is no, I will not be crushed. I've been toying with the idea of writing my own module as an excuse to learn PAM and the heimdal interface (I have some experience with GSSAPI, but not directly with kerberos). Thanks, Brendan -- Don't make Godzilla mad!
Attachment:
pgpjdBFsB0V2x.pgp
Description: PGP signature