On Tue, 2008-12-16 at 08:37 -0500, Rowley, Mathew wrote: > If you have a kerberos ticket, and ssh to a box that has GSSAPI > enabled, will that pass through/disregard the PAM stack?
It will skip only the auth target (and there is no other way because you are not providing a password the auth target can use). If you set UsePAM yes it should still go through the account and session targets, so that you can do proper access control/accounting/session handling. Simo. -- Simo Sorce * Red Hat, Inc * New York ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
