OpenSSH, PAM and kerberos
Dag-Erling Smørgrav
des at des.no
Tue Sep 3 09:31:09 UTC 2013
Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > The proper solution would be an identification and authentication daemon
> > with a well-designed RPC interface and mechanisms for transferring
> > environment variables, descriptors and credentials from the daemon to
> > the application (in this case, sshd).
> I think this is impossible, because credentials for pam_krb5 are a simple
> pointer to internal blobs with unknown size, structure and links with
> other elements.
When I spoke of passing credentials, I meant process credentials, not
the cached Kerberos credentials - which the application does not need
anyway. See SCM_CREDS in recv(2) for further information.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security mailing list