Re: PAM module for heimdal under Linux

[Joel Kociolek <joko@logidee.com>]

On Mon, Aug 14, 2000 at 03:26:37PM -0700, Frank Cusack wrote:
> On Mon, Aug 14, 2000 at 11:18:12PM +0200, Joel Kociolek wrote:
> > 
> > I have made a patch for the Kerberos 5 PAM module written by Frank Cusack 
> > [...]
> > I had to apply the patch for named memory caches written by Gombas
> > Gabor to heimdal sources
> > [...]
> 
> I'll give it a quick once-over at the end of this week.

Great, thanks.

> If it looks good 

Well, actually I'm not a kerberos or pam expert. I made it by trial and
error, using only Linux-PAM and MIT-Kerberos APIs documentation. 

But aside from this, it corrects one bug (according to MIT-kerberos doc)
in pam_krb5_auth.c where there were two inverted parameters in a call to
krb5_cc_next_cred(). It also tries to replace two calls (in support.c)
to what looked like MIT-Kerberos private functions
(krb5_princ_component() and krb5_free_data_contents()).

> (and works w/o named memory caches), 

It does not... In fact, I wa in the hope that Gombas Gabor's patch for
named memory caches would be integrated into heimdal.

What prevents it from being integrated ? Is there something I could do
to make it includable into heimdal ? Or is it a big no-no ?

I could also try to make it work without named memory caches, but I
would need a few directions to be able to do that.

In fact, I'm very much interested in a Linux PAM module for heimdal, but
my experience is to sparse to be able to understand all the do's and
dont's. I will gladly help if someone could give me a few starting
points.

> I'll update the PAM module to include the patch.

I would be really grateful if something could be done, and I'm ready to
help.


Joel K.

-- 
I want to  argue that an  effective way of  promoting true computer literacy
would be to make Unix basics part of the curriculum... for everybody.
   -- Martin Vermeer --          http://linuxtoday.org/stories/1846.html