Kerberos auth based on ticket

Simo Sorce ssorce at redhat.com
Tue Dec 16 09:11:20 EST 2008


On Tue, 2008-12-16 at 08:37 -0500, Rowley, Mathew wrote:
> If you have a kerberos ticket, and ssh to a box that has GSSAPI
> enabled, will that pass through/disregard the PAM stack?

It will skip only the auth target (and there is no other way because you
are not providing a password the auth target can use).
If you set UsePAM yes it should still go through the account and session
targets, so that you can do proper access control/accounting/session
handling.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Kerberos mailing list