[email protected] wrote:
> What version of pam_krb5 are you using?
> It may or may not accept a principal in place of a name. Some
> versions of pam_krb5 can add an additional prompt to
> prompt for the principal, so that the local user name does not
> have to match the principal, and can be for a different realm.
>
> Russ's version has the above feature and is in Debian:
> <http://www.eyrie.org/~eagle/software/pam-krb5/>

I'm using the default pam_krb5 that comes with CentOS 5.2... 2.2.14. I take it that I will need to update to 3.13 to get this added feature to prompt for principal? I'll have to hunt for a RHEL/CentOS compatible RPM or build one myself.

> You also did not say if you created a host keytab and registered
> the host in AD. pam_krb5 will try and get a service ticket
> for the local host.

I did not create a keytab, nor have I registered the host in AD. I was under the impression that I didn't need to unless I wanted to use other features such as password changes. The use case I'm dealing with doesn't require this feature. Am I incorrect in saying I don't need a keytab or to add the client host to AD in this case?

Thanks for your help,
Jim

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
