Logging on with cached ticket

Russ Allbery rra at stanford.edu
Fri Jun 5 10:36:34 EDT 2009


Nikolay Shopik <shopik at inblock.ru> writes:

> Only thing I found is pam_krb5 which have existing_ticket
> option. (tells pam_krb5.so to accept the presence of pre-existing
> Kerberos credentials provided by the calling application in the
> default credential cache as sufficient to authenticate the user, and
> to skip any account management checks). While this available only in
> Red Hat from what I see but not in Debian/Ubuntu.

I could add it easily enough.  I just never understood the use case.
Could you explain more about how you end up in this situation?  Where is
the ticket coming from that's being used for authentication?

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list