Subject: Re: [netatalk-admins] Information on other authentications
From: William P. McGonigle (William.P.McGonigle@Hitchcock.ORG)
Date: Wed Apr 21 1999 - 10:51:07 EDT
--- Kent Reuber wrote:
Observations about Kerberos are still welcome...
--- end of quote ---
Adrian is working on splitting the uam functions out of the auth.c file into a
uam/ directory. The cleartext passwords seem to be implemented in this manner
in the current distribution.
We're using KClient here which isn't AuthMan compatible, even though it's all
krb4 (grumble) so I looked a year or so ago at doing a krb4 UAM for the
macintosh. At that point I decided a few things:
it was difficult to do until the uam stuff was hacked out (it is now)
it might not be worth doing for version 4, hoping we'd have 5 implemented by now
(we don't)
I wasn't a good enough mac programmer to do the UAM myself
I do drink the kerberos cool-aid, but have been thinking recently about trying
to re-implement a rand-num server-side uam that would do proxy-kerberos
authentication, perhaps with a krb4 PAM (haven't got that working on solaris
2.6), perhaps not. The security is inferior, but the compatibility would be
superior.
Is anyone else interested in this sort of kludge?
-Bill
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:16:38 EST