Module Name: Author: Derrick J. Brashear <shadow@dementia.org> Maintainer: Author. Management groups provided: authentication; password; session Cryptographically sensitive: uses API Security rating: Clean code base: System dependencies: libraries - Network aware: Gets Kerberos ticket granting ticket via a Kerberos key distribution center reached via the network. Overview of module

This module provides an interface for doing Kerberos verification of a user's password, getting the user a Kerberos ticket granting ticket for use with the Kerberos ticket granting service, destroying the user's tickets at logout time, and changing a Kerberos password. Session component

Recognized arguments: Description: This component of the module currently sets the user's Examples/suggested usage: This part of the module won't be terribly useful until we can change the environment from within a Password component

Recognized arguments: Description: This component of the module changes a user's Kerberos password by first getting and using the user's old password to get a session key for the password changing service, then sending a new password to that service. Examples/suggested usage: This should only be used with a real Kerberos v4 Authentication component

Recognized arguments: Description: This component of the module verifies a user's Kerberos password by requesting a ticket granting ticket from the Kerberos server and optionally using it to attempt to retrieve the local computer's host key and verifying using the key file on the local machine if one exists. It also writes out a ticket file for the user to use later, and deletes the ticket file upon logout (not until Examples/suggested usage: This module can be used with a real Kerberos server using MIT v4 Kerberos keys. The module or the system Kerberos libraries may be modified to support AFS style Kerberos keys. Currently this is not supported to avoid cryptography constraints.