Help: Login and Kerberos
Lee Eric
openlinuxsource at gmail.com
Sun Jun 5 12:36:17 EDT 2011
Thanks mate. It seems I need to modify /etc/pam.d/system-auth file.
Here's the original contents:
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
So could you tell me how do I modify that file?
Thanks very much.
Eric
On Sun, Jun 5, 2011 at 2:31 AM, Russ Allbery <rra at stanford.edu> wrote:
> Lee Eric <openlinuxsource at gmail.com> writes:
>
>> Hi all,
>
>> I have set up a Kerberos server already in my network environment and
>> clients can get users principle tkt by kinit. And I hope when users
>> login they can get their principle automatically. So what I need to do
>> with the system? Do I need to use PAM to achieve that?
>
> Yup, assuming that you're talking about Linux or other UNIX systems.
> That's the standard functionality of any Kerberos PAM module.
>
>> And what password will use when user login?
>
> The Kerberos password, usually, although you have various more complex
> options available to you in PAM configuration if you want.
>
> --
> Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
>
More information about the Kerberos
mailing list