Ken Hornstein <[EMAIL PROTECTED]> writes:

>> telnetd should include both the UID and the PID in the cache name.
>> This works much more smoothly with rpc.gssd and is what I do in
>> pam-krb5.
>
> In a perfect world, we'd chuck the whole horrid scheme and create some
> utility to send the Kerberos credentials to rpc.gssd or its equivalent.
> Sigh.

I think AFS uses the correct model. Credentials are really an attribute of the user and for the best security should be tracked by the kernel like any other security attribute of the user (UID, GID, supplemental groups, capabilities, etc.). But that gets into really nasty cross-platform issues, not to mention annoying kernel licensing issues.

--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
