pam_ccreds was designed to be used with any PAM module, but I haven't tested it with anything but pam_ldap, and that was some time ago.
You'll still need to use nss_updatedb or something similar to cache account information as Kerberos is "just" an authentication service. -- Luke >From: "Florian Preu�" <[EMAIL PROTECTED]> >Subject: Re: Using Kerberos5 for login >To: [email protected] >Date: Thu, 27 Jan 2005 08:21:13 +0100 (MET) > >At the moment I'm using SuSE 9.2 Professional. I read about pam_ccreds but I >thought it's not able to use it with Kerberos. For my understanding it's >used in combination with nss_updatedb which makes a local db including >passwd and groups from ldap and nsswitch falls back to pam_ccred which uses >the db if no LDAP is availiable. But my scenario is a bit different. >I'm using W2k3 as KDC for authentication and an OpenLDAP for the accounts. >A user is authenticated at the KDC an then uses nsswitch to get the user >information out of the OpenLDAP. If I now disconnect the Client from the >network and try to login, it tries to use the KDC for authentication but it >should use the ticket obtained by the KDC before. > >-Florian > >> >>>>> "FP" == Florian Preu <Florian> writes: >> >> FP> Is there a possibility to store credentials to log into a system, >> FP> if the kdc is not availiable? >> >> Recent Fedora releases have pam_ccreds for doing credential caching. >> It should work with any Linux distro supporting PAM, but I don't know >> how useful it is at this point. If you need a solution for some other >> OS, perhaps you should specify what you're using. >> >> - J< >> > >-- >10 GB Mailbox, 100 FreeSMS http://www.gmx.net/de/go/topmail >+++ GMX - die erste Adresse f�r Mail, Message, More +++ >________________________________________________ >Kerberos mailing list [email protected] >https://mailman.mit.edu/mailman/listinfo/kerberos -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
