Kerberos 5

Tillman Hodgson tillman at seekingfire.com
Thu May 5 10:31:16 PDT 2005


On Thu, May 05, 2005 at 10:11:30AM -0700, Damian Sobieralski wrote:
> Followup up:
> 
>  If AFTER I log in, I issue > kinit and type my password in. Now when I
> do a klist I get ticket information.  Shouldn't the pam module do this 
> aotomatically (call kinit)?

PAM does not map well to Kerberos, unfortunately. Generally speaking you
want to avoid PAM with Kerberos if you can possibly use native Kerberos
:-)

I haven't used pam_krb5 in a long time, but perhaps I can help debug
things. Can you post your PAM configure for however it is that you're
logging in? (SSH, local console, kerberos telnet, etc). The ccache=
option to the PAM module looks applicable, for example.

-T


-- 
Do not meddle in the affairs of sysadmins, for they can make your life
miserable by doing nothing.


More information about the freebsd-questions mailing list