Solaris 8 PAM and MIT Kerberos V
Jose Marques
noway at nohow.demon.co.uk
Fri Oct 4 06:51:38 EDT 2002
On Fri, 4 Oct 2002, Dan Karlsson wrote:
[Snip]
> # su - daka
> Password:
> su: Sorry
Try pressing return when first prompted for a password. Does it then ask
you for a Kerberos password?
I found that I had to modify pam.conf to put the Kerberos entries first to
make it work in a reasonable manner. I'm no pam expert so I have no idea
if this is the correct solution.
-8<- cut here ---
# Kerberos
login auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass debug
dtlogin auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass debug
other auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass debug
dtlogin account sufficient /usr/lib/security/$ISA/pam_krb5.so.1 debug
other account sufficient /usr/lib/security/$ISA/pam_krb5.so.1 debug
other session sufficient /usr/lib/security/$ISA/pam_krb5.so.1 debug
other password sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass debug
#
# Authentication management
#
login auth required /usr/lib/security/pam_unix.so.1
login auth required /usr/lib/security/pam_dial_auth.so.1
#
rlogin auth required /usr/lib/security/pam_unix.so.1
#
dtlogin auth required /usr/lib/security/pam_unix.so.1
#
other auth required /usr/lib/security/pam_unix.so.1
#
# Account management
#
login account required /usr/lib/security/pam_unix.so.1
dtlogin account required /usr/lib/security/pam_unix.so.1
#
other account required /usr/lib/security/pam_unix.so.1
#
# Session management
#
other session required /usr/lib/security/pam_unix.so.1
#
# Password management
#
other password required /usr/lib/security/pam_unix.so.1
-8<- cut here ----
--
Jose Marques
More information about the Kerberos
mailing list