kerberos + gssapi password change
Andreas Girardet
girardet at nz1.ibm.com
Fri Oct 10 05:28:07 EST 2003
PAM config looks like this for sshd
#################################################
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
password required /lib/security/pam_cracklib.so retry=3
type=
system auth:
######################################################
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth
auth sufficient /lib/security/pam_krb5.so use_first_pass
auth required /lib/security/pam_deny.so
account [default=bad success=ok user_unknown=ignore service_err=ignore
system_err=ignore authinfo_unavail=ignore] /lib/security/pam_ldap.so
account [default=bad success=done user_unknown=ignore
service_err=ignore system_err=ignore] /lib/security/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore
system_err=ignore] /lib/security/pam_krb5.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so use_authtok md5 shadow
remember=5
password sufficient /lib/security/pam_krb5.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_krb5.so
########################################
Andreas
More information about the openssh-unix-dev
mailing list