[TriLUG] Kerberos and Linux

Kevin Otte nivex at nivex.net
Mon Mar 13 14:24:22 EST 2006


I have our systems set up to try pam_unix first, then pam_krb5.  This way if
you try a root login, the local is matched first.  I then add
"use_first_pass" as a parameter to pam_krb5, such that you do not get a
second prompt.

kjotte at starbuck:~$ cat /etc/pam.d/common-auth
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_krb5.so use_first_pass
auth    required        pam_deny.so

This is on an Ubuntu machine, so some changes may need to be made for other
platforms.  Good luck!

-- 
Kevin Otte, N8VNR
nivex at nivex.net
http://www.nivex.net/

-=-

"Those who cannot remember the past are condemned to repeat it." 
-- George Santayana

"It seems no one reads Santayana anymore."
-- Cdr. Susan Ivanova, Babylon 5




More information about the TriLUG mailing list