.k5login and non-kerberized ssh client

[Russ Allbery]

Ryan Boyd <rbisd at rit.edu> writes:

> Thanks Russ!  This looks to be a solution to my problem.  Based on this
> comment, I'm wondering if the PAM module goes through each user in the
> k5login and tries the password entered?

Yup!  That is indeed what it does.  It's an ugly hack, but it's what
works.

> It would be great to have a way to specify the principal I'm logging in
> to and the principal I'm authenticating as separately during the
> authentication process, thus eliminating this problem. However, this may
> be more complicated than it sounds :)

Yeah, I don't know of a way to do that that with PAM and ssh.  That would
definitely be more elegant.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>