Nicolas Williams wrote:
> On Wed, Aug 09, 2006 at 09:52:51AM -0500, Douglas E. Engert wrote: > >>Markus Moeller wrote: >> >>>There shouldn't be the need of compiling openssh with Kerberos as the >>>Solaris 10 version supports GSSAPI authentication. >> >>Yes and no. Until you want to store the delegated credential or do a >>krb5_userok test. > > > Solaris' sshd does this using __gss_userok() and gss_store_cred(). Good, and that was what I was trying to the kerberos working group interested in before Kitten was started. > > >>With OpenSSH-4.1 at least ssh_gssapi_krb5_storecreds and >>ssh_gssapi_krb5_userok make krb5 API calls as gss never had a simple >>authz function or a way to save the delegated creds. >> >>Solaris 10's sshd uses PAM, to do these. OpenSSH should look at that >>approach too, then it would not need Kerberos specific code either. > > > No, Solaris 10's sshd does not use PAM to do these two tasks. > OpenSolaris' sshd will, however, soon enough. > > Nico -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
