OpenSSH, PAM and kerberos
Slawa Olhovchenkov
slw at zxy.spb.ru
Tue Sep 3 09:35:52 UTC 2013
On Tue, Sep 03, 2013 at 11:31:09AM +0200, Dag-Erling Sm??rgrav wrote:
> Slawa Olhovchenkov <slw at zxy.spb.ru> writes:
> > Dag-Erling Sm??rgrav <des at des.no> writes:
> > > The proper solution would be an identification and authentication daemon
> > > with a well-designed RPC interface and mechanisms for transferring
> > > environment variables, descriptors and credentials from the daemon to
> > > the application (in this case, sshd).
> > I think this is impossible, because credentials for pam_krb5 is simple
> > pointer to internal blob's with unknown size, structure and links with
> > other elements.
>
> When I spoke of passing credentials, I meant process credentials, not
> the cached Kerberos credentials - which the application does not need
> anyway. See SCM_CREDS in recv(2) for further information.
And how in this case can be resolved situation with PAM credentials
(Kerberos credentials in may case)?
More information about the freebsd-security
mailing list