[28438] in Kerberos
Re: pam-krb5 3.6 released
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Sep 19 16:34:26 2007
From: Sam Hartman <hartmans@mit.edu>
To: Russ Allbery <rra@stanford.edu>
Date: Wed, 19 Sep 2007 16:33:58 -0400
In-Reply-To: <871wcuqvif.fsf@windlord.stanford.edu> (Russ Allbery's message of
"Wed, 19 Sep 2007 12:56:40 -0700")
Message-ID: <tslbqbyo0nd.fsf@mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>>>>> "Russ" == Russ Allbery <rra@stanford.edu> writes:
Russ> There is a request for some way of verifying tickets against
Russ> a keytab that isn't readable by the user who is running the
Russ> program that is doing ticket verification, which is useful
Russ> in some specific limited situations on multi-user machines
I think that's a mischaracterization of the problem. You need this
whenever you have a service that needs to verify passwords but that
cannot be trusted with a Kerberos key of its own. It seems like
that's going to be much more common than just xscreensaver.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos