i had a bit of time last week so i was looking at the pam_krb4 modules someone mentioned recently. this made me wonder how usuable the pam implementation on solaris 2.5.1 might be. strangely enough its not too bad; i was able to build a pam module for solaris 2.5.1 that supports PAGs and AFS authentication. just replace the appropriate pam module and the standard solaris login/ftpd/dtgreet/rshd/rlogind programs do the "right thing." (a side note, there is no "ticket forwarding" since pam isn't used by client programs, and i dont really know too many who actually use this feature.) authentication is handled by fork()ing klog -pipe and examinging the return code. while this is a bit clusmy its easier that trying to build a pic version of the afs libraries. the pam interface is going to "change" in solaris 2.6 but hopefully the changes won't be so dramatic that this code will fail to port easily. PAGs are handled via the "well-known" syscall() interface. a few disclaimers: i using this module now but its not extensively tested, YMMV. if you do find a bug (especially one related to security) pleae let me know. its available via http://vl.nrl.navy.mil/staff/chas/pam_authen.tar.gz [EMAIL PROTECTED]
