[30545] in Kerberos
Re: Kerberos auth based on ticket
daemon@ATHENA.MIT.EDU (Simon Wilkinson)
Tue Dec 16 09:54:14 2008
In-Reply-To: <7372D9734C591745A4C1D81017D5ABF6090F6B3F@NJCHLEXCMB01.cable.comcast.com>
Mime-Version: 1.0 (Apple Message framework v753.1)
Message-Id: <42331C1E-751C-4FCA-928E-FB745CD26BB3@sxw.org.uk>
From: Simon Wilkinson <simon@sxw.org.uk>
Date: Tue, 16 Dec 2008 14:52:31 +0000
To: "Rowley, Mathew" <Mathew_Rowley@cable.comcast.com>
Cc: kryanth@gopc.net, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 16 Dec 2008, at 14:32, Rowley, Mathew wrote:
> My question was more - if you have PAM and GSSAPI both enables,
> will the ssh client still go through the PAM stack (for
> authorization purposes).
Yes it will.
Any authorization rules enforced by the account step, any additional
credentials gained by the setcred step, and any session
initialisation performed by the session step will all occur for
GSSAPI authenticated connections.
S.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
