[29053] in Kerberos


Re: Fw: SSO with telnet/rlogin/rsh

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Tue Jan 15 14:20:46 2008

Message-ID: <478D0760.60604@anl.gov>
Date: Tue, 15 Jan 2008 13:20:00 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <87hchekjkk.fsf@windlord.stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu



Russ Allbery wrote:
> "Douglas E. Engert" <deengert@anl.gov> writes:
> 
>> From a Kerberos perspective both could be correct. Using the process ID
>> as part of the cache name allows for session based credentials, so each
>> telnet session has its own cache.
> 
> telnetd should include both the UID and the PID in the cache name.  This
> works much more smoothly with rpc.gssd and is what I do in pam-krb5.

OK that works too. But I thought the main problem as stated in the note was
that the rpc.gssd could not read the environment of the process, and thus
always defaulted to using the default ticket cache.

This is the same set of issues I have with Nico about session vs user
based caches.

> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
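
An added illustration of the cache-naming point in the message above, not code from telnetd, pam-krb5 or rpc.gssd: a per-session cache name carrying both UID and PID, and a lookup by a daemon that cannot read the session's environment and so has only file names and metadata to go on. The `krb5cc_<uid>_<pid>` pattern, the function names and the ownership and mode checks are assumptions made for this sketch.

```python
import os
import stat
import tempfile

def session_cache_path(uid, pid, cache_dir="/tmp"):
    # Assumed naming pattern: both UID and PID in the file name.
    return os.path.join(cache_dir, f"krb5cc_{uid}_{pid}")

def find_caches_for_uid(uid, cache_dir="/tmp"):
    # Hypothetical daemon-side lookup: no access to the session's KRB5CCNAME,
    # so candidates are selected by name and then verified by metadata.
    default = f"krb5cc_{uid}"
    hits = []
    for name in os.listdir(cache_dir):
        # Accept "krb5cc_<uid>" or "krb5cc_<uid>_..." only; a bare prefix
        # match would let a scan for uid 1000 pick up krb5cc_10000_*.
        if name != default and not name.startswith(default + "_"):
            continue
        path = os.path.join(cache_dir, name)
        st = os.lstat(path)                    # lstat: never follow symlinks
        if not stat.S_ISREG(st.st_mode):
            continue                           # symlink, directory, fifo, ...
        if st.st_uid != uid or st.st_mode & 0o077:
            continue                           # wrong owner or group/other access
        hits.append((st.st_mtime, path))
    return [p for _, p in sorted(hits, reverse=True)]   # newest first

def demo():
    # Constructed sample directory standing in for /tmp.
    uid = os.getuid()
    d = tempfile.mkdtemp()

    def make(name, mode, mtime):
        p = os.path.join(d, name)
        with open(p, "wb"):
            pass
        os.chmod(p, mode)
        os.utime(p, (mtime, mtime))
        return p

    old = make(os.path.basename(session_cache_path(uid, 100, d)), 0o600, 1000)
    new = make(os.path.basename(session_cache_path(uid, 200, d)), 0o600, 2000)
    make(f"krb5cc_{uid}0_300", 0o600, 3000)    # another UID sharing the prefix
    make(f"krb5cc_{uid}_400", 0o644, 4000)     # readable by group and others
    os.symlink(new, os.path.join(d, f"krb5cc_{uid}_500"))   # symlink decoy
    return find_caches_for_uid(uid, d), [new, old]
```
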
