[30533] in Kerberos
Re: Kerberos auth based on ticket
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Dec 15 18:46:42 2008
To: Mathew Rowley <mathew_rowley@cable.comcast.com>
In-Reply-To: <C56C37FD.4F6E%mathew_rowley@cable.comcast.com> (Mathew Rowley's
message of "Mon\, 15 Dec 2008 16\:36\:13 -0700")
From: Russ Allbery <rra@stanford.edu>
Date: Mon, 15 Dec 2008 15:45:55 -0800
Message-ID: <871vw9ypcc.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Mathew Rowley <mathew_rowley@cable.comcast.com> writes:
> I am having a really hard time finding any documentation about PAM
> configurations. I want to be able to authenticate an SSH login with a
> valid Kerberos ticket. What configurations do I need within the
> /etc/pam.d/system-auth file to allow an authentication to succeed with a
> valid ticket.
You're having a hard time finding that documentation because those are two
unrelated things. PAM configuration only affects what one does once one
has a password in hand. To authenticate with a Kerberos ticket, you need
both an ssh client and an ssh server that support GSSAPI authentication, a
keytab for the server, and GSSAPI authentication enabled. PAM is not
involved.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
