Kerberos auth based on ticket
ssorce at redhat.com
Tue Dec 16 09:11:20 EST 2008
On Tue, 2008-12-16 at 08:37 -0500, Rowley, Mathew wrote:
> If you have a kerberos ticket, and ssh to a box that has GSSAPI
> enabled, will that pass through/disregard the PAM stack?
It will skip only the auth target (and there is no other way because you
are not providing a password the auth target can use).
If you set UsePAM yes it should still go through the account and session
targets, so that you can do proper access control/accounting/session
Simo Sorce * Red Hat, Inc * New York
More information about the Kerberos