NetBSD-Users archive


Re: Kerberos client functionalities in NetBSD



On feb 10 11:27, Greg Troxel wrote:
> Thanks for posting your note.

Thanks to you for the comments! :)

[...]

> For kadmin, there is a notion of an admin instance of principal and that
> the admin instance is on the acl to do things, but the person's regular
> instance isn't.  This is culture, not spec, but good to know.

If you are mentioning the difference between e.g. jennifer@ATHENA.MIT.EDU
and jennifer/admin@ATHENA.MIT.EDU mentioned here

 <http://web.mit.edu/KERBEROS/krb5-1.5/krb5-1.5.4/doc/krb5-user/What-is-a-Kerberos-Principal_003f.html>

yes, I got it.

> The culture is to use GSSAPI for authentication, not direct krb5.  I am
> really unclear on the PAM module scene. 

I am too, unfortunately. But IIUC, GSSAPI is used in ssh connections and
is not mentioned in PAM modules. Anyway, take this with a grain of salt,
because I'm not very skilled at it.

Sorry for the huge delay in this reply. I'm sure I checked the mail
after the Kerberos message, and there was no new mail, maybe due to some
problem in my server.

Rocky

