OpenSSH, PAM and kerberos
Slawa Olhovchenkov
slw at zxy.spb.ru
Thu Sep 5 18:43:13 UTC 2013
On Tue, Sep 03, 2013 at 04:16:06PM +0200, Dag-Erling Sm??rgrav wrote:
> Lev Serebryakov <lev at FreeBSD.org> writes:
> > "Dag-Erling Sm??rgrav" <des at des.no> writes:
> > > Actually, sshd already does most of this by farming PAM out to a
> > > child process.
> > And, IMHO, proper way to fix this bug is to fix it here, as "most of
> > things" is already done.
>
> Feel free to submit patches.
Now I found next strange behaviour: for account with not found login
class sshd refuse GSSAPIAuthentication.
Telnet don't do this strange restriction.
(I use login class 'me' in Kerberos/NIS setup).
More information about the freebsd-security
mailing list