[31144] in Kerberos
Re: NIS => Kerberos/LDAP Migration
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue May 19 15:04:30 2009
To: kerberos@mit.edu
In-Reply-To: <E1M6UPt-00066n-2f@spam.ifs.umich.edu> (Marcus Watts's message of
"Tue\, 19 May 2009 14\:51\:56 -0400")
From: Russ Allbery <rra@stanford.edu>
Date: Tue, 19 May 2009 12:03:59 -0700
Message-ID: <87ws8cap9c.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Marcus Watts <mdw@umich.edu> writes:
> I'm not sure I understand why
> Authen::Krb5::Admin
> http://search.cpan.org/~korty/Authen-Krb5-Admin-0.11/Admin.pm
> is a problem. I've run it with various incarnations of MIT 1.4.3 /
> 1.6.3 for a while now. Ok, they weren't stock, but I don't remember doing
> anything special to export the necessary kadm5 functions. The only messy
> bit is that Authen::Krb5::Admin provides its own header files for the MIT
> functions - that sucks, but that having been said, it basically works.
> Is there something special about debian's MIT kerberos libraries?
That works -- you just can't use it in a PAM module. PAM modules
generally need to be C. I suppose you could embed a Perl interpreter in
a PAM module, but that terrifies me. You could also write a PAM module
that talks to something written in Perl via a local socket or something,
but now you're getting into a fair bit of coding.
> Instead of cloning the headers (like Authen::Krb5::Admin does) it
> should also be quite feasible to just get the debian source package
> for k5, configure or build as necessary, rip the desired headers out,
> modify as necessary, and use them direct. Admittedly, this is a hack,
> and a bad idea, and all that, but for migration purposes (surely you
> don't plan on doing this long-term?) this ought to suffice. Here's a
> mail message I posted May 2007 that describes how to do this:
> http://mailman.mit.edu/pipermail/krbdev/2007-March/005702.html
Yeah, you could do this.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
