[33445] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Help: Login and Kerberos

daemon@ATHENA.MIT.EDU (Lee Eric)
Sun Jun 5 12:36:27 2011

MIME-Version: 1.0
In-Reply-To: <87y61hzbvv.fsf@windlord.stanford.edu>
Date: Mon, 6 Jun 2011 00:36:17 +0800
Message-ID: <BANLkTikZtiPYR1dUeRj78+CwT7aHWqRWFA@mail.gmail.com>
From: Lee Eric <openlinuxsource@gmail.com>
To: Russ Allbery <rra@stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Thanks mate. It seems I need to modify /etc/pam.d/system-auth file.
Here's the original contents:

auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok
try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so

So could you tell me how do I modify that file?

Thanks very much.

Eric

On Sun, Jun 5, 2011 at 2:31 AM, Russ Allbery <rra@stanford.edu> wrote:
> Lee Eric <openlinuxsource@gmail.com> writes:
>
>> Hi all,
>
>> I have set up a Kerberos server already in my network environment and
>> clients can get users principle tkt by kinit. And I hope when users
>> login they can get their principle automatically. So what I need to do
>> with the system? Do I need to use PAM to achieve that?
>
> Yup, assuming that you're talking about Linux or other UNIX systems.
> That's the standard functionality of any Kerberos PAM module.
>
>> And what password will use when user login?
>
> The Kerberos password, usually, although you have various more complex
> options available to you in PAM configuration if you want.
>
> --
> Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
>

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post