pam_krb5

Clone
Source Code
GIT

Files

  1.   16c1740ea89517c4d4609ee69f0c4d1ebd5b7716
debian
pam.d
src
tests
AUTHORS
COPYING
COPYING.LIB
COPYING.MIT
ChangeLog
Makefile.am
NEWS
README
configure.ac
pam_krb5.spec
autogen
dlopen.sh
README 
This is a major rewrite of pam_krb5afs.  Call it 2.0, for lack of a better term.

o Compared to the earlier releases, this tree builds a single module which
  "knows" how to do everything which is knowable at compile-time.
o Configuration options which can now be set as library defaults in the
  system-wide krb5.conf are now ignored by the module.

Standard options:
o debug
  Log debugging messages at LOG_DEBUG priority.
o no_warn
  When authenticating, don't warn the user about an expired password.
o use_authtok
  When changing passwords, never prompt for password data.  Instead, use
  data stored by a previously-called module.
o use_first_pass
  When authenticating, never prompt for password data.  Instead, use a
  password which was stored by a previously-called module.
o try_first_pass
  When authenticating, first try to authenticate using the password which
  was stored by a previously-called module.  If it fails, then prompt for
  the correct password and try again.

Recognized options (krb5.conf's appdefaults/pam section, and command-line):
o banner=Kerberos
  When changing passwords, tell users that they are changing their Kerberos
  passwords (unset to avoid using any term other than "password").
o ccache_dir=/tmp
  Directory in which to store ccache and ticket files.
o keytab=/etc/krb5.keytab
  Default keytab to use when validating initial credentials.
o krb4_convert
  Obtain Kerberos IV ticket files, even if not required for the sake of AFS.
o minimum_uid=NUMBER
  Default keytab to use when validating initial credentials.
o no_user_check
  Go ahead and authenticate users for whom getpwnam() returns no information.
  Credential cache and ticket files will be created and owned by the current
  user and group ID instead of the user's.
o realm=REALM
  Override the default realm.
o tokens
  Obtain AFS tokens during the authentication phase.
o validate
  Validate initial credentials.  By default, credentials are validated if
  the specified keytab file can be read.

Configuration file only:
o afs_cells = cell1 cell2 cell3

This module's CVS repository is hosted on elvis.redhat.com.  To check the
current sources out of CVS, use the anoncvs access.
    cvs -d :pserver:anoncvs@elvis.redhat.com:/usr/local/CVS login
    cvs -d :pserver:anoncvs@elvis.redhat.com:/usr/local/CVS co pam_krb5
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.