Help: Login and Kerberos

Lee Eric openlinuxsource at gmail.com
Sun Jun 5 12:36:17 EDT 2011


Thanks mate. It seems I need to modify /etc/pam.d/system-auth file.
Here's the original contents:

auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so

So could you tell me how do I modify that file?

Thanks very much.

Eric

On Sun, Jun 5, 2011 at 2:31 AM, Russ Allbery <rra at stanford.edu> wrote:
> Lee Eric <openlinuxsource at gmail.com> writes:
>
>> Hi all,
>
>> I have set up a Kerberos server already in my network environment and
>> clients can get users principle tkt by kinit. And I hope when users
>> login they can get their principle automatically. So what I need to do
>> with the system? Do I need to use PAM to achieve that?
>
> Yup, assuming that you're talking about Linux or other UNIX systems.
> That's the standard functionality of any Kerberos PAM module.
>
>> And what password will use when user login?
>
> The Kerberos password, usually, although you have various more complex
> options available to you in PAM configuration if you want.
>
> --
> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
>




More information about the Kerberos mailing list