PAM_KRB5 Issue
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Wed Sep 22 19:25:51 EDT 2004
Norbert is correct. In Solaris 9, the default behavior for PAM-KRB5 is
to require a host key in the keytab file (/etc/krb5/krb5.keytab) in
order to properly authenticate that the ticket issued came from the
correct KDC.
-Wyllys
Norbert Klasen wrote:
>>
>> I do not actually. I never had to do that with Solaris 8, so I was
>> wondering. I'm in the process of gettign user IDs created in AD for the
>> system.
>
>
> The Solaris 9 module verifies the tgt. See
> <http://docs.sun.com/db/doc/817-3946/6mjgmt4nd?q=pam_krb5&a=view>.
> Probably Solaris 8 didn't do this.
>
> Norbert
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list