pam_krb5 and blank passwords.
Digant C Kasundra
digant at stanford.edu
Wed Feb 14 01:07:22 UTC 2007
I'm not sure what the problem might be, but I can say I think there is a
better pam_krb5 module than the one that comes with RedHat:
<http://www.eyrie.org/~eagle/software/pam-krb5/>
--On Wednesday, February 07, 2007 3:03 PM +1000 Ian Mortimer
<ian at physics.uq.edu.au> wrote:
> We've been using this auth configuration to allow login with krb5 (AD)
> or with a unix password:
>
> auth required pam_env.so
> auth sufficient pam_krb5.so
> auth sufficient pam_unix.so use_first_pass
> auth required pam_deny.so
>
> The way this works has changed between pam-0.79 + pam_krb5-2.1.15
> and pam-0.99.6.2 + pam_krb5-2.2.11.
>
> Previously if a user had an AD account but no password set they
> could not login with a blank password - now they can. This
> probably should be fixed in AD but I was wondering if there's a
> way of doing it through pam.
>
>
> Thanks
> ---
> Ian
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
More information about the Pam-list
mailing list