Open jschwartzenberg opened 4 years ago
jschwartzenberg
commented
4 years ago I found your description here: https://github.com/Evengard/cntlm/issues/9
As the version I mentioned has Kerberos using the ticket of the user running CNTLM, would your patch enable a system-wide CNTLM that might use the credentials/Kerberos ticket from the user whose TCP connection is accessing it? That would be a huge improvement!
jschwartzenberg
commented
3 years ago Initial branch with a rebased patch is here: https://github.com/jschwartzenberg/cntlm/commits/pam
jschwartzenberg
commented
3 years ago I found some idea on how to use this all here: https://sourceforge.net/p/pamcntlm/code/HEAD/tree/cntlm.sysconfig https://sourceforge.net/p/cntlm/feature-requests/14/
It's interesting this enables sharing a single instance for multiple users. Getting the password from PAM and keeping the hashes around probably isn't needed anymore when the user has a Kerberos ticket, but some rework would be necessary to let the shared memory version pick up a user's Kerberos ticket. This is presuming there are no environments anymore that are not supporting Kerberos but would still need the old hashes.
Hi @robertogonzalezazevedo! Did you consider rebasing this against https://github.com/versat/cntlm and possibly creating a PR? This fork is still maintained, I am looking to bring all CNTLM patches that around together there.
In what kind of use case would PAM authentication be used with CNTLM?