Kerberos auth based on ticket
Russ Allbery
rra at stanford.edu
Mon Dec 15 18:45:55 EST 2008
Mathew Rowley <mathew_rowley at cable.comcast.com> writes:
> I am having a really hard time finding any documentation about PAM
> configurations. I want to be able to authenticate an SSH login with a
> valid Kerberos ticket. What configurations do I need within the
> /etc/pam.d/system-auth file to allow an authentication to succeed with a
> valid ticket.
You're having a hard time finding that documentation because those are two
unrelated things. PAM configuration only affects what one does once one
has a password in hand. To authenticate with a Kerberos ticket, you need
both an ssh client and an ssh server that support GSSAPI authentication, a
keytab for the server, and GSSAPI authentication enabled. PAM is not
involved.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list