Kerberos auth based on ticket

Russ Allbery rra at stanford.edu
Mon Dec 15 18:45:55 EST 2008


Mathew Rowley <mathew_rowley at cable.comcast.com> writes:

> I am having a really hard time finding any documentation about PAM
> configurations.  I want to be able to authenticate an SSH login with a
> valid Kerberos ticket.  What configurations do I need within the
> /etc/pam.d/system-auth file to allow an authentication to succeed with a
> valid ticket.

You're having a hard time finding that documentation because those are two
unrelated things.  PAM configuration only affects what one does once one
has a password in hand.  To authenticate with a Kerberos ticket, you need
both an ssh client and an ssh server that support GSSAPI authentication, a
keytab for the server, and GSSAPI authentication enabled.  PAM is not
involved.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list