>>>>> "Russ" == Russ Allbery <[EMAIL PROTECTED]> writes:

    Russ> Sam Hartman <[EMAIL PROTECTED]> writes:
    >> I think that's a mischaracterization of the problem.  You need
    >> this whenever you have a service that needs to verify passwords
    >> but that cannot be trusted with a Kerberos key of its own.  It
    >> seems like that's going to be much more common than just
    >> xscreensaver.

    Russ> True, although xscreensaver is the only practical case that
    Russ> I've heard about so far.  But I believe you that there are
    Russ> probably more.

I wonder if krb5 should provide a setuid helper to do rd_req so that your 
keytab can be much more tightly controlled than your service?

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
