Using Kerberos5 for login

"Florian Preuß" florian-preuss at gmx.net
Thu Jan 27 02:21:13 EST 2005


At the moment I'm using SuSE 9.2 Professional. I read about pam_ccreds but I
thought it's not able to use it with Kerberos. For my understanding it's
used in combination with nss_updatedb which makes a local db including
passwd and groups from ldap and nsswitch falls back to pam_ccred which uses
the db if no LDAP is availiable. But my scenario is a bit different.
I'm using W2k3 as KDC for authentication and an OpenLDAP for the accounts.
A user is authenticated at the KDC an then uses nsswitch to get the user
information out of the OpenLDAP. If I now disconnect the Client from the
network and try to login, it tries to use the KDC for authentication but it
should use the ticket obtained by the KDC before.

-Florian

> >>>>> "FP" == Florian Preu <Florian> writes:
> 
> FP> Is there a possibility to store credentials to log into a system,
> FP> if the kdc is not availiable?
> 
> Recent Fedora releases have pam_ccreds for doing credential caching.
> It should work with any Linux distro supporting PAM, but I don't know
> how useful it is at this point.  If you need a solution for some other
> OS, perhaps you should specify what you're using.
> 
>  - J<
> 

-- 
10 GB Mailbox, 100 FreeSMS http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse für Mail, Message, More +++


More information about the Kerberos mailing list