[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 0.6.4 krb4 / kaserver redux
On Sat, 2005-06-04 at 14:49 +0200, Love HÃ¶rnquist Ã…strand wrote:
> "Brandon S. Allbery KF8NH" <email@example.com> writes:
> > - add automatic reauthentication to kinit
> > * unlike John Bucy's original patch for 0.6.3, this one saves the
> > password in a pipe so it's only in process memory while it's being
> > used
> > * probably a future version should get a max-renewable-life ticket
> > and renew it periodically, instead of this hack
> This functionallity is already in 0.7 snapshot, please test it and see that
> it does what you want.
First I need to find a way to upgrade openssl without breaking the
world :) since the 0.7 snapshots I tried didn't like openssl 0.9.6.
It'll happen eventually but not right now.
> > - su now gets (well, 524s) a krb4 ticket as well as the krb5 ticket and
> > token
> > * ideally this patch will become obsolete here when I put this stuff
> > into wide distribution, but during testing I prefer not to need to
> > kinit after su in order to connect to older systems
> I'm considering to include this. But can't those site admins that really
> have to deal with Kerberos 4 just type "kinit -9" ?
In our case, it's a matter of having things work as much as possible the
way they did with the krb4 world. It's bad enough that I need to keep a
krb4-based OpenSSH around on the newer systems so we can authenticate to
the old machines that aren't being upgraded to krb5....
brandon s. allbery [linux,solaris,freebsd,perl] firstname.lastname@example.org
system administrator [WAY too many hats] email@example.com
electrical and computer engineering, carnegie mellon univ. KF8NH