[30567] in Kerberos
Re: disabling krb524d attempts - causes login hangs
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Dec 19 11:40:52 2008
From: Greg Hudson <ghudson@mit.edu>
To: Fletcher Cocquyt <fcocquyt@stanford.edu>
In-Reply-To: <loom.20081219T143531-401@post.gmane.org>
Date: Fri, 19 Dec 2008 11:39:14 -0500
Message-Id: <1229704754.12360.32.camel@ray>
Mime-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, 2008-12-19 at 14:41 +0000, Fletcher Cocquyt wrote:
> How can we explicitly disable the krb524 communication attempt (campus does not
> run that service)
Ken's suggestions will work at a global level without requiring changes
to client configuration, which may be advantageous. But I read your
question as asking about client configuration, so:
First, find where pam_krb5 is configured in your system's PAM
configuration. grepping for krb5 in /etc/pam.d/* will probably turn it
up.
Second, consult the pam_krb5 man page (if you have one) to see what
option to use to turn it off. It may be "convert_krb4=false". Append
that to the pam_krb5 configuration line.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
