There is also the pam_krb5 module under the PAM project @ sf.net which was tested heavily under solaris.
http://sourceforge.net/projects/pam/ (Check the CVS tree) The pam module there was the work of Nicolas Williams, Jacques A. Vidrine, Steve Langasek, Frank Cusack and a little of myself. It was based on Frank Cusack initial pam_krb5 module. I impertiticulary am using it under Solaris 2.6 since the vendor supplied pam_krb5 module that was available at the time was to be desired. :) But the pam_krb5 module now supplied with Solaris 8 and 9 is a better choice to use now. After filing a few bug reports and having them fixed, everything is working fine, eveh the passwd expiration problems that we had in Solaris 2.6. I would hands down use the SUN PAM module now. We are in the process of going to a stock SUN PAM/kerberos client install (minus kadmin of course ). And everything seems to work perfect right now. As for the ldap stuff. Why not the pam_ldap supplied by SUN? --jason On Fri, 1 Aug 2003, G�L Bal�zs wrote: > Tim Mooney �rta: > > All- > > > > I'm looking for recommendations on which krb5 PAM module I should use > > on a sparc box I'll be reinstalling with Solaris 2.8 in a couple weeks. > > pam-krb5.sf.net. This is an enhanced version of RedHat's pam_krb5. > I will release rc8 in this weekend, it will contains many workarounds > for the solaris pam implementation, so I recommend it. > > > I do understand the implications of using a krb5 PAM module to > > authenticate services like telnet. > > > > I need a source-available module (so the stuff that's part of SEAM isn't > > going to do it for me, I don't think), because I need to hack in some > > calls to ldap, to check for authorization. > > Why dont use unix groups for authorization? There are few pam module now > which implement authorization based on unix groups. > > balsa > > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
