[Freeipa-devel] Question about pam_krb5 and FreeIPA
mike
mike at flyn.org
Mon Mar 10 08:20:59 UTC 2008
>> Unlike Apache, pam_krb5 does not seem to require a service key. My
>> understanding is that the service key is used to ensure that the Kerberos
>> server is not being spoofed. Could anyone explain why pam_krb5 does not
>> seem to require a service key? Is this optional?
>
> pam_krb5 can do that using the keyword validate in [appdefaults] pam
> section.
Shouldn't validation be enabled by default by ipa-client-install?
Mike
More information about the Freeipa-devel
mailing list