Last I checked there was a plugable authentication module for LINUX which
supported kerberos. This would seem to provide the functionality you
require without kernel hacking.
"Curtis M. Brune" wrote:
> Hello--
>
> I was wondering if it's possible (or has been done) to "kerberize" the
> linux kernel so that as every process is instantiated the user is first
> authenticated by a kerberos KDC. I want to authenticate thousands of
> users before they launch any program, even programs like /bin/ls,
> without recompiling/relinking or manually "kerberizing" a single
> existing program. is this possible?
>
> I can see generating a default principal for each user based on their
> UID and a default realm. I envision giving a module a list of
> directories that contain executable programs that require authentication
> to run. Seems possible, has anybody done this?
>
> I don't know anything about writing a kernel module or other kernel
> hacking, but i'm up for it!
>
> Also I think this might violate some "crypto in the kernel" rules -- I
> poked around the international kernel patch for a while, but didn't find
> anything.
>
> Cheers,
> Curt
--Regards.
Don Rolph w-rolph@ds.mc.ti.com WD3 MS10-13 (508)-236-1263
--------------2FB40DBFE96C5352A38C8AE3 Content-Type: text/x-vcard; charset=us-ascii; name="w-rolph.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Don Rolph Content-Disposition: attachment; filename="w-rolph.vcf"
begin:vcard n:Rolph;Don tel;fax:508 236 3476 tel;work:508 236 1263 x-mozilla-html:TRUE org:Advanced Analysis Laboratory version:2.1 email;internet:w-rolph@ds.mc.ti.com title:Distinguished Member Tech. Staff adr;quoted-printable:;;MS 10-13=0D=0A34 Forest St.;Attleboro;MA;02703;US fn:Don Rolph end:vcard
--------------2FB40DBFE96C5352A38C8AE3--
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/