[29051] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Fw: SSO with telnet/rlogin/rsh

daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Jan 15 13:52:58 2008

To: kerberos@mit.edu
In-Reply-To: <478CD5E4.605@anl.gov> (Douglas E. Engert's message of "Tue\,
	15 Jan 2008 09\:48\:52 -0600")
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 15 Jan 2008 10:52:27 -0800
Message-ID: <87hchekjkk.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

"Douglas E. Engert" <deengert@anl.gov> writes:

> From a Kerberos prospective both could be correct. Using the process ID
> as part of the cache name allows for session based credentials, so each
> telnet session has its own cache.

telnetd should include both the UID and the PID in the cache name.  This
works much more smoothly with rpc.gssd and is what I do in pam-krb5.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29051] in Kerberos

Re: Fw: SSO with telnet/rlogin/rsh

daemon@ATHENA.MIT.EDU (Russ Allbery)Tue Jan 15 13:52:58 2008

daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Jan 15 13:52:58 2008