PAM Krb5

Darren Tucker dtucker at zip.com.au
Thu Jun 3 01:19:42 UTC 2004


Anthony Ramm wrote:
> Thanks for the advice, I think I've got it all working now.  What I'm 
> ultimately trying to do is set up a single sign on situation where all 
> passwords etc. are stored with Kerberos and permissions etc are stored 
> in an OpenLDAP database.  I've nearly done this using pam_krb5 for 
> authentication and I'm going to use pam_ldap for account information.  
> Is it possible that if a user already has a kerberos ticket and has 
> permission on the destination host that they can be logged on 
> automatically without having to enter a password?

Yes, but not through PAM (AFAIK).  This is more of an ssh question, but 
you can log into the first host with PAM and get your credentials, but 
then you need to use gssapi or gssapi-with-mic authentication (depending 
on if you have OpenSSH 3.7.x or 3.8x).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.





More information about the Pam-list mailing list