A Pluggable Authentication Module for Kerberos 5.
This is pam_krb5, a pluggable authentication module that can be used with
Linux-PAM and Kerberos 5. This module supports password checking, ticket
creation, and optional TGT verification and conversion to Kerberos IV tickets.
The included pam_krb5afs module also gets AFS tokens if so configured.
This is a major rewrite of pam_krb5afs. Call it 2.x, for lack of a better term.
o Compared to the earlier releases, this tree builds a single module which
"knows" how to do everything which is knowable at compile-time.
o Configuration options which can now be set as library defaults in the
system-wide krb5.conf are now largely ignored by the module.
Winbind makes users who are members of a domain appear to be normal users, with
the domain name frequently included as a prefix of the user name. Kerberos
doesn't handle this perfectly.
Specifically, for a user named tester in domain TEST and realm
TEST.EXAMPLE.COM, we have two names.
Kerberos principal name (userPrincipalName): tester@TEST.EXAMPLE.COM
Winbind/POSIX user name:
- 2.2.13: * make it possible to have more than one ccache (and tktfile) at a
time to work around apps which open a session, set the environment,
and initialize creds (when we previously created a ccache, removing
the one which was named in the environment)
- 2.2.12: * add a "pwhelp" option. Display the KDC error to users.
- 2.2.11: * return success from our account management callb
afs5log(8) System Administrator's Manual afs5log(8)
afs5log - AFS to
pam_krb5(5) System Administrator's Manual pam_krb5(5)
pam_krb5 - Kerbe
pam_krb5(8) System Administrator's Manual pam_krb5(8)
pam_krb5 - Kerbe
pam_krb5_storetmp(8)System Administrator's Manuapam_krb5_storetmp(8)
* src/options.c,src/minikafs.c,src/afs5log.c: merge Jan Iven's changes
Browse inside pam_krb5-2.2.14-22.el5.x86_64.rpm