PAM_KRB5 Issue
Tyson Oswald
oswaldt at ameritech.net
Wed Sep 22 20:00:22 EDT 2004
This would make sense from a security stand point.
thanks everyone for their help.
On Sep 22, 2004, at 07:25 PM, Wyllys Ingersoll wrote:
>
>
> Norbert is correct. In Solaris 9, the default behavior for PAM-KRB5 is
> to require a host key in the keytab file (/etc/krb5/krb5.keytab) in
> order to properly authenticate that the ticket issued came from the
> correct KDC.
>
> -Wyllys
>
>
>
> Norbert Klasen wrote:
>>>
>>> I do not actually. I never had to do that with Solaris 8, so I was
>>> wondering. I'm in the process of gettign user IDs created in AD for
>>> the
>>> system.
>> The Solaris 9 module verifies the tgt. See
>> <http://docs.sun.com/db/doc/817-3946/6mjgmt4nd?q=pam_krb5&a=view>.
>> Probably Solaris 8 didn't do this.
>> Norbert
>> ________________________________________________
>> Kerberos mailing list Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list