OpenSSH, PAM and kerberos

Lev Serebryakov lev at FreeBSD.org
Tue Sep 3 14:21:57 UTC 2013


Hello, Dag-Erling.
You wrote on 3 September 2013, 18:15:26:

>> login(1) works. It means that console and telnet work. ftpd(8) doesn't
>> need such excessive session support (single login via ftp? Are you
>> kidding?). So, only sshd(8) is broken. And change (dramatically) well-known
>> programs (like login(1)) and introduce a new subsystem to fix a bug (it is
>> really a bug) in sshd? I don't think it is a sane way to do things.
DES> We're not just talking about a bug in sshd.  We're talking about a
DES> fundamentally broken paradigm which affects *all* applications.
 How does it affect the second-most-used login application -- login(1)?

 I know nothing about xdm, gdm, kdm and all other X11 display managers, as I
don't use anything UNIX-like on desktops. Are they affected too? Or do they
work as intended now?

 Which applications need this functionality too? ftpd(8)? Is it affected?
But I'm not sure that ftpd(8) needs something like this at all, as I could
not imagine any kerberized / single login application run with ftpd as
its parent. Maybe my imagination is poor.

 And, yes, what do you mean by "fundamentally broken paradigm" here? PAM
itself?

-- 
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>


