Linux kerberos authentication ; gdm

Bjoern Tore Sund bjorn.sund at
Mon Jul 6 04:16:45 EDT 2009

Nicolas Michel wrote:
> Hi here,
> I want to authenticate some linux computers (ubuntu) on a kerberos
> server, linked to an ldap one. I see how to do that with pam.
> But I have two questions :
> - is there an "offline" mode? (if I have no access to the internet I
> want to have access to my session)

Not with Kerberos itself, unless you start configuring a Kerberos server 
slave on each client...  You may want to have a look at pam_usersync, - there are man 
pages in the code explaining how to use it.  It syncronises user data 
into local passwd files if a successful network login is done.  Works 
with any network authentication system, we're using it with Kerberos for 
our Linux laptops.

 > - with gdm, is it possible to get a window when the password must be
 > changed (and where must I configure that password policy? On the
 > kerberos server?)

Sorry, outside of what I've looked at.

Bjørn Tore Sund       Phone: 555-84894   Email:   bjorn.sund at
IT department         VIP:   81724       Support:
Univ. of Bergen

When in fear and when in doubt, run in circles, scream and shout.

More information about the Kerberos mailing list