[TriLUG] Kerberos and Linux
Alan Porter
porter at trilug.org
Mon Mar 13 14:38:20 EST 2006
Kevin Otte said the following:
>I have our systems set up to try pam_unix first, then pam_krb5. This way if
>you try a root login, the local is matched first. I then add
>"use_first_pass" as a parameter to pam_krb5, such that you do not get a
>second prompt.
>
>kjotte at starbuck:~$ cat /etc/pam.d/common-auth
>auth sufficient pam_unix.so nullok_secure
>auth sufficient pam_krb5.so use_first_pass
>auth required pam_deny.so
>
>
This would make a great topic for a TriLUG meeting.
Volunteers?
Alan
More information about the TriLUG
mailing list