pam_krb5 and blank passwords.
Ian Mortimer
ian at physics.uq.edu.au
Wed Feb 7 05:03:05 UTC 2007
We've been using this auth configuration to allow login with krb5 (AD)
or with a unix password:
auth required pam_env.so
auth sufficient pam_krb5.so
auth sufficient pam_unix.so use_first_pass
auth required pam_deny.so
The way this works has changed between pam-0.79 + pam_krb5-2.1.15
and pam-0.99.6.2 + pam_krb5-2.2.11.
Previously if a user had an AD account but no password set they
could not login with a blank password - now they can. This
probably should be fixed in AD but I was wondering if there's a
way of doing it through pam.
Thanks
---
Ian
More information about the Pam-list
mailing list