> So, I just whipped up a pam_gss. It actually uses SPNEGO so it will work with any mechanism. I'll clean up and publish the code tomorrow.
Very rough and untested:
http://www.padl.com/download/pam_gss.tar.gz
The logic is:
pam_sm_authenticate
{
    GSS_Acquire_cred_with_password()
    while context incomplete {
        GSS_Init_sec_context()
        GSS_Accept_sec_context()
    }
    GSS_Localname() to canonicalise user
}
pam_sm_acct_mgmt
{
    GSS_Userok() to authorise user
}
pam_sm_setcred
{
    GSS_Store_cred()
}
-- Luke
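
A runnable C model of the "while context incomplete" loop in pam_sm_authenticate above, added here as an example and not taken from pam_gss. The toy sides and every name in it (struct side, step, loopback, MAX_ROUNDS) are hypothetical stand-ins for GSS_Init_sec_context/GSS_Accept_sec_context, so that the loop's termination and failure handling can be exercised without a KDC.

```c
#include <stdio.h>

/* Modelled on GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED and an error status. */
enum status { COMPLETE, CONTINUE_NEEDED, FAILURE };

/* Constructed stand-in for one end of a security context (not a real mechanism). */
struct side { int first; int recv_left; int reply_on_last; };
#define MAX_ROUNDS 8

/* One call into a side: consumes the peer's token, may set *have_out. */
static enum status step(struct side *s, int have_in, int *have_out) {
    *have_out = 0;
    if (s->first) {                /* initiator's opening call has no input token */
        s->first = 0;
        *have_out = 1;
        return s->recv_left ? CONTINUE_NEEDED : COMPLETE;
    }
    if (!have_in || s->recv_left == 0) return FAILURE;
    if (--s->recv_left == 0) { *have_out = s->reply_on_last; return COMPLETE; }
    *have_out = 1;
    return CONTINUE_NEEDED;
}

/* The "while context incomplete" loop. Returns rounds used, or -1 on failure. */
int loopback(struct side *init, struct side *acc) {
    int to_init = 0, to_acc = 0, init_done = 0, acc_done = 0;
    for (int round = 0; round < MAX_ROUNDS; round++) {
        enum status st;
        if (!init_done) {
            if (round > 0 && !to_init) return -1;   /* initiator waiting, no reply came */
            if ((st = step(init, to_init, &to_acc)) == FAILURE) return -1;
            init_done = (st == COMPLETE);
        } else if (to_init) return -1;              /* token for a finished initiator */
        to_init = 0;
        if (to_acc) {
            if (acc_done || (st = step(acc, 1, &to_init)) == FAILURE) return -1;
            acc_done = (st == COMPLETE);
        } else if (!acc_done) return -1;            /* acceptor waiting, nothing to send */
        to_acc = 0;
        if (init_done && acc_done && !to_init) return round + 1;
    }
    return -1;                                      /* never converged */
}

int main(void) {
    struct side i = {1, 1, 0}, a = {0, 1, 1};       /* one token each way */
    printf("rounds: %d\n", loopback(&i, &a));
    return 0;
}
```

The module should only go on to GSS_Localname() when both sides report complete; any -1 path here corresponds to returning an authentication failure from pam_sm_authenticate.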