Hello!
We've been using Kerberos V 1.0.5 (and now 1.0.6) in a heterogeneous Unix
environment for more than a year. We've enabled Kerberized services (kshd,
klogind, K5 telnetd, etc) in addition to the standard system services, so
currently people can authenticate via K5 and then connect to the kerberized
version of a particular service *or* they can connect to the standard version
of a service (telnetd, for example) and authenticate via the SIA mechanism
in place (C2 security).
What I would like to add is the ability for someone to connect to a standard
system service (like telnetd) and have telnetd check their password against
the K5 database instead of (or even better, "in preference to") some
local method. I have similar functionality working on some of our Solaris
boxes using a Krb5 PAM module available on the net. Now I need the SIA
equivalent of that for Tru64 Unix (for 4.0f and soon 5.0).
Has anyone else already done the legwork and developed such a beast, that
they would be willing to share? If such a thing doesn't already exist I'm
willing to invent it myself, but it might then be helpful to have some
additional documentation/examples to supplement the information in the
"Security" guide for Digital Unix (I have the "Security" guide from March of
1996, i.e. the early 4.0 days). Anyone have some good examples of SIA
code that they would be willing to share?
Thanks,
Tim
--
Tim Mooney mooney_at_dogbert.cc.ndsu.NoDak.edu
Information Technology Services (701) 231-1076 (Voice)
Room 242-J1, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
Received on Fri Sep 10 1999 - 15:22:15 NZST