[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PAM vs GSSAPI?
|
From: |
Russ Allbery |
|
Subject: |
Re: PAM vs GSSAPI? |
|
Date: |
Tue, 20 Mar 2007 17:43:04 -0700 |
|
User-agent: |
Gnus/5.110006 (No Gnus v0.6) XEmacs/21.4.19 (linux) |
Simon Josefsson <address@hidden> writes:
> It may be possible to implement a PAM module that calls GSS-API
> functions to perform the host login, but I don't recall seeing anyone
> doing that. For example, while I don't really know for sure, I think
> that all the Kerberos 5 PAM modules use native krb5 APIs instead of
> GSS-API. Your security architecture is equivalent to krb5 from this
> conceptual point of view.
So far as I can tell, it's not possible to obtain initial credentials with
a password purely through the GSS-API. I only see gss_acquire_cred, which
isn't sufficient. So yes, I'm fairly sure that all Kerberos PAM modules
use native Kerberos calls.
--
Russ Allbery (address@hidden) <http://www.eyrie.org/~eagle/>
- PAM vs GSSAPI?, Ashwin Ganti, 2007/03/16
- Re: PAM vs GSSAPI?, Simon Josefsson, 2007/03/17
- Re: PAM vs GSSAPI?, Ashwin Ganti, 2007/03/17
- Re: PAM vs GSSAPI?, Simon Josefsson, 2007/03/20
- Re: PAM vs GSSAPI?, Ashwin Ganti, 2007/03/20
- Re: PAM vs GSSAPI?, Simon Josefsson, 2007/03/20
- Re: PAM vs GSSAPI?, Simon Josefsson, 2007/03/20
- Re: PAM vs GSSAPI?, Ashwin Ganti, 2007/03/20
- Re: PAM vs GSSAPI?, Simon Josefsson, 2007/03/21
- Re: PAM vs GSSAPI?,
Russ Allbery <=
- Re: PAM vs GSSAPI?, Simon Josefsson, 2007/03/21
- Re: PAM vs GSSAPI?, Russ Allbery, 2007/03/21
- Re: PAM vs GSSAPI?, Simon Josefsson, 2007/03/22