[Freeipa-devel] Question about pam_krb5 and FreeIPA
Simo Sorce
ssorce at redhat.com
Sun Mar 9 21:06:35 UTC 2008
mike wrote:
> Unlike Apache, pam_krb5 does not seem to require a service key. My
> understanding is that the service key is used to ensure that the Kerberos
> server is not being spoofed. Could anyone explain why pam_krb5 does not
> seem to require a service key? Is this optional?
pam_krb5 can do that using the keyword validate in [appdefaults] pam
section.
Simo.
More information about the Freeipa-devel
mailing list