Subject: Re: Centralized User and Password Management
To: None <netbsd-users@NetBSD.org>
From: Tillman Hodgson <tillman@seekingfire.com>
List: netbsd-users
Date: 11/24/2004 10:43:29
On Wed, Nov 24, 2004 at 04:16:13PM +0000, Dick Davies wrote:
> * Ben Collver <collver@peak.org> [1143 15:43]:
> > On Wed, Nov 24, 2004 at 07:51:34AM -0600, Tillman Hodgson wrote:
> > > This gives a traditional "feeling" system that's very easy to set up and
> > > maintain (NIS) and provides both signle-sign-on and reasonable security
> > > (Kerberos and IPsec).
> > 
> > The last time I tried to configure Kerberos, xdm and ssh would not
> > authenticate against it.  This was inconvenient because I typically use
> > these to log in.
> > 
> > Doing a quick check, ssh is now linked to libkrb5, but xdm is not.
> > What do you use to start X?
> 
> What you could do is have xdm talk via pam to pam_krb5 , which should
> go and get your ticket for you.

Does NetBSD have PAM now? I was under the impression that it was still
verboten. A quick check on my NetBSD 2.0G system doesn't find anything
PAMish ...

If NetBSD /did/ support PAM, that makes many Kerberos things much
easier (although using "native" Kerberos services instead is vastly
preferred).

-T


-- 
"Imagination is more important than knowledge."
    -- Albert Einstein