[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RedHat's pam_krb5 port for Heimdal
I wrote the heimdal port for RedHat's pam_krb5.
I think Nalin Dahyabhai's pam_krb5 is best available
pam_krb5 module at this time.
It's now able to get krb5 tgt,
convert krb5 tgt to krb4 tgt (krb524),
get afs tokens with krb5_afslog,
optinal native kth-krb4 ticket grabing,
and I wrote a new code which is usefull e.g at ssh with token
forwarding. It try to use and convert the forwarded krb5 tgt
to krb4 tgt and to afs tokens.
It is now in beta status.
Now we have little problem with "how to setting the timeouts for
MIT krb5 use 3 timeout variables:
extern int krb5_max_skdc_timeout;
extern int krb5_skdc_timeout_shift;
extern int krb5_skdc_timeout_1;
max_timeout The maximum amount of time to wait for a response
from the KDCs, in seconds
timeout_shift The amount to increase the timeout (by left
shifting) by after each failed request
initial_timeout The time to wait for the first KDC to respond, in
It seems that with heimdal we can control the timeouts "only" with
one variable with context->kdc_timeout.
It is true?