Kerberos auth based on ticket

Russ Allbery rra at
Mon Dec 15 18:45:55 EST 2008

Mathew Rowley <mathew_rowley at> writes:

> I am having a really hard time finding any documentation about PAM
> configurations.  I want to be able to authenticate an SSH login with a
> valid Kerberos ticket.  What configurations do I need within the
> /etc/pam.d/system-auth file to allow an authentication to succeed with a
> valid ticket.

You're having a hard time finding that documentation because those are two
unrelated things.  PAM configuration only affects what one does once one
has a password in hand.  To authenticate with a Kerberos ticket, you need
both an ssh client and an ssh server that support GSSAPI authentication, a
keytab for the server, and GSSAPI authentication enabled.  PAM is not

Russ Allbery (rra at             <>

More information about the Kerberos mailing list