OpenSSH, GSSAPI, and PAM

Sam Hartman hartmans at MIT.EDU
Tue Mar 18 16:35:33 EST 2003


The configuration I use on debian is as follows:

#%PAM-1.0
auth       required     pam_nologin.so
auth [success=ok default=1] pam_krb5.so forwardable
auth [default=1] pam_permit.so
auth       required     pam_unix.so
auth [default=ignore] pam_openafs_session.so
auth       required     pam_env.so # [1]

account sufficient pam_krb5.so

account    required     pam_unix.so

session    required     pam_unix.so
session    optional     pam_lastlog.so # [1]
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard noenv # [1]
session    required     pam_limits.so

password   required     pam_unix.so



More information about the Kerberos mailing list