Tuesday, 2022/06/28
10:00 am ET
Terrell Russell, Alan King, Kory Draughn, Dave Fellinger, Martin Golasowski (IT4I), Mike Conway (NIEHS), Alexandros Kardaris (SURF), Stefan Wolfsheimer (SURF), Tony Edgin (CyVerse), Claudio Cacciari (SURF)
DISCUSSION
- Alan update
- 4.3.0 has been released
- KRB ported, but not shipped, could use the new flow if required
- Stefan update
- pam_interactive
- now using PAM and then native with temporary password
- avoids full PAM stack for each icommand (which is good)
- working, much more readable
- demo will work during the talk next week at UGM
- Still had to update iinit to know/use pam_interactive
- Stuck with this for now, will ship new logic in iinit in 4.3.1
- pam_interactive
- Discussion
- TTL? Less than 24h?
- There is a deep assumption in the existing code limiting our ability to move to 'seconds' everywhere - the server was unhappy when the TTL was set 'too low' (the checks were 'out of order')
- Temporary password vs. limited password
- We're still not sure the difference/importance/reasoning
- Other client libraries will need to learn about this new framework as well
- TTL? Less than 24h?
- Next Meeting
- July 2022