Logging on with cached ticket

Nikolay Shopik shopik at inblock.ru
Fri Jun 5 10:56:45 EDT 2009


On 05.06.2009 18:36, Russ Allbery wrote:
> Nikolay Shopik<shopik at inblock.ru>  writes:
>
>> Only thing I found is pam_krb5 which have existing_ticket
>> option. (tells pam_krb5.so to accept the presence of pre-existing
>> Kerberos credentials provided by the calling application in the
>> default credential cache as sufficient to authenticate the user, and
>> to skip any account management checks). While this available only in
>> Red Hat from what I see but not in Debian/Ubuntu.
>
> I could add it easily enough.  I just never understood the use case.
> Could you explain more about how you end up in this situation?  Where is
> the ticket coming from that's being used for authentication?
>

Option "existing_ticket" not available on Debian libpam-krb5 package. 
I'm sorry which situation exactly?

Well ticket is coming from KDC when it was available and can be used
until it expired, from my understanding.



More information about the Kerberos mailing list