OpenSSH, GSSAPI, and PAM
Sam Hartman
hartmans at MIT.EDU
Tue Mar 18 16:35:33 EST 2003
The configuration I use on debian is as follows:
#%PAM-1.0
auth required pam_nologin.so
auth [success=ok default=1] pam_krb5.so forwardable
auth [default=1] pam_permit.so
auth required pam_unix.so
auth [default=ignore] pam_openafs_session.so
auth required pam_env.so # [1]
account sufficient pam_krb5.so
account required pam_unix.so
session required pam_unix.so
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
password required pam_unix.so
More information about the Kerberos
mailing list