Slawa Olhovchenkov <[email protected]> writes: > Dag-Erling Smørgrav <[email protected]> writes: > > The proper solution would be an identification and authentication daemon > > with a well-designed RPC interface and mechanisms for transferring > > environment variables, descriptors and credentials from the daemon to > > the application (in this case, sshd). > I think this is impossible, because credentials for pam_krb5 is simple > pointer to internal blob's with unknown size, structure and links with > other elements.
When I spoke of passing credentials, I meant process credentials, not the cached Kerberos credentials - which the application does not need anyway. See SCM_CREDS in recv(2) for further information. DES -- Dag-Erling Smørgrav - [email protected] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
