Mario, you are absolutely right. The implementation of the kerberos which comes with ON bits tightly integrated with NFS and CIFS services, provides pam module, and actively maintained by opensolaris community. We should have it installed and offered by default.
On Sun, 2009-03-08 at 16:46 +0100, Mario Lorenz wrote: > Am 07. Mar 2009, um 13:12:12 schrieb Tim Spriggs: > > Tim, > > As has been pointed out, the sun kerberos package has several extensions > that are required to get some solaris features to work. I assume that > would include eg. tickets for kerberized NFS for the NFS client in > kernel space would need access to the user's ticket for authentication. > > If this is indeed the case, User Expectation is that after kinit they > are authorized to those services. On Ubuntu, this may even mean having > gotten the kerberos tickets through logon. > Having two sets of kerberos tools, one for "this", and another for > "that" means that Nexenta developers will rightfully be bashed for > misunderstanding the "single" in Single-Sign-On. > > Please someone with detailed Solaris kerberos experience confirm or deny > this, for if it is true, there is thus only two ways out: > Either Ubuntu Kerberos gets extended with Solaris patches, or Solaris > Kerberos gets promoted "standard kerberos", and Ubuntu Kerberos goes > away (ie. is replaced with a dummy package). This will likely involve > changing the location of some binaries (sun krb5-config has to go to > /usr/bin then), and a rebuild of all packages linking kerberos libs. > (unless the packages are binary compatible which i highly doubt) > > Mario > > > _______________________________________________ > gnusol-devel mailing list > gnusol-devel@lists.sonic.net > http://lists.sonic.net/mailman/listinfo/gnusol-devel > _______________________________________________ gnusol-devel mailing list gnusol-devel@lists.sonic.net http://lists.sonic.net/mailman/listinfo/gnusol-devel
