PAM_KRB5 Issue

Wyllys Ingersoll wyllys.ingersoll at
Wed Sep 22 19:25:51 EDT 2004

Norbert is correct.  In Solaris 9, the default behavior for PAM-KRB5 is
to require a host key in the keytab file (/etc/krb5/krb5.keytab) in
order to properly authenticate that the ticket issued came from the
correct KDC.


Norbert Klasen wrote:
>> I do not actually.  I never had to do that with Solaris 8, so I was
>> wondering.  I'm in the process of gettign user IDs created in AD for the
>> system.
> The Solaris 9 module verifies the tgt. See 
> <>. 
> Probably Solaris 8 didn't do this.
> Norbert
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list