[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Debian /bin/login and heimdal kerberos



Brian May <bam@snoopy.apana.org.au> writes:

> Whats more... it appears to work!!!

Cool.

> - The Debian login program didn't support the parameter format used
> for heimdal telnet, eg it expected "login -f usercode" but was given
> "login -f -- usercode" instead.

Then it doesn't use getopt(3), or Debian getopt is broken.

> - the Debian login program sets all expected environment variables,
> eg TERM and SHELL. These are not set in the current release of
> heimdal (0.1g).

It will in 0.1h.

> - the Debian login program checks for mail on login. Heimdal login
> doesn't (at least on my system with mail in $HOME/Mailbox and
> $HOME/Maildir).

You can argue that this is a bug, but I don't really think it's the
job of login to see if you have any new mail. This feature will become
more and more useless as more and more people move away from
NFS-mounted spool directories. We might add support for this, but then
it will probably be in the form of an external program run by login
(but this is also pretty silly, as you can just as easy add this to
your /etc/profile, or whatever).


> currently I just use 'unlink'. I have renamed to KRB5 ticket file to
> the nonstandard /tmp/krb5cc_<uid>_<pid> for this to work (otherwise,
> when you logged out from one session, it would kill the ticket used
> by other login sessions).

This is (one of the reasons) why we don't do this.

> - no support for OTP, but I don't know of any kerberos 5
> implementation that supports it yet anyway (I could be wrong).

You mean authenticating via OTP:s? No, I think there are patches for
MIT Kerberos, but I have't seen them, and doesn't know how or if they
work.

/Johan