Using Kerberos5 for login

[Luke Howard]

pam_ccreds was designed to be used with any PAM module, but I haven't
tested it with anything but pam_ldap, and that was some time ago.

You'll still need to use nss_updatedb or something similar to cache
account information as Kerberos is "just" an authentication service.

-- Luke

>From: "Florian Preuß" <florian-preuss at gmx.net>
>Subject: Re: Using Kerberos5 for login
>To: kerberos at mit.edu
>Date: Thu, 27 Jan 2005 08:21:13 +0100 (MET)
>
>At the moment I'm using SuSE 9.2 Professional. I read about pam_ccreds but I
>thought it's not able to use it with Kerberos. For my understanding it's
>used in combination with nss_updatedb which makes a local db including
>passwd and groups from ldap and nsswitch falls back to pam_ccred which uses
>the db if no LDAP is availiable. But my scenario is a bit different.
>I'm using W2k3 as KDC for authentication and an OpenLDAP for the accounts.
>A user is authenticated at the KDC an then uses nsswitch to get the user
>information out of the OpenLDAP. If I now disconnect the Client from the
>network and try to login, it tries to use the KDC for authentication but it
>should use the ticket obtained by the KDC before.
>
>-Florian
>
>> >>>>> "FP" == Florian Preu <Florian> writes:
>> 
>> FP> Is there a possibility to store credentials to log into a system,
>> FP> if the kdc is not availiable?
>> 
>> Recent Fedora releases have pam_ccreds for doing credential caching.
>> It should work with any Linux distro supporting PAM, but I don't know
>> how useful it is at this point.  If you need a solution for some other
>> OS, perhaps you should specify what you're using.
>> 
>>  - J<
>> 
>
>-- 
>10 GB Mailbox, 100 FreeSMS http://www.gmx.net/de/go/topmail
>+++ GMX - die erste Adresse für Mail, Message, More +++
>________________________________________________
>Kerberos mailing list           Kerberos at mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos

--