A Pluggable Authentication Module for Kerberos 5
This is pam_krb5, a pluggable authentication module that can be used with
Linux-PAM and Kerberos 5. This module supports password checking, ticket
creation, and optional TGT verification and conversion to Kerberos IV tickets.
The included pam_krb5afs module also gets AFS tokens if so configured.
This is a major rewrite of pam_krb5afs. Call it 2.x, for lack of a better term.
o Compared to the earlier releases, this tree builds a single module which
"knows" how to do everything which is knowable at compile-time.
o Configuration options which can now be set as library defaults in the
system-wide krb5.conf are now largely ignored by the module.
In addition to specifying the user's pkinit_identity to pam_krb5, Heimdal
expects, at minimum, to be configured with the location of the trusted root
certificates using the "pkinit_anchors" option in the [libdefaults] section
MIT Kerberos expects, at minimum, to be configured with the location of the
trusted root certificates and the user's identity. These options, passed
through the "preauth_options" option, include:
X509_anchors (for example "FILE:/etc/pki/tls/cert.pem")
X509_user_identity (for example "PKCS11:/usr/$LIB/libcoolkeypk11.so")
Their corresponding names in the [libdefaults] section of krb5.conf are:
Winbind makes users who are members of a domain appear to be normal users, with
the domain name freq
- 2.3.11:* create credentials before trying to look up the location of the
user's home directory
afs5log(8) System Administrator's Manual afs5log(8)
afs5log - AFS to
pam_krb5(5) System Administrator's Manual pam_krb5(5)
pam_krb5 - Kerbe
pam_krb5(8) System Administrator's Manual pam_krb5(8)
pam_krb5 - Kerbe
Browse inside pam_krb5-2.3.11-9.el6.i686.rpm