Thanks mate. It seems I need to modify /etc/pam.d/system-auth file. Here's the original contents:
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so

So could you tell me how do I modify that file?

Thanks very much.

Eric

On Sun, Jun 5, 2011 at 2:31 AM, Russ Allbery <[email protected]> wrote:
> Lee Eric <[email protected]> writes:
>
>> Hi all,
>
>> I have set up a Kerberos server already in my network environment and
>> clients can get users principal tkt by kinit. And I hope when users
>> login they can get their principal automatically. So what I need to do
>> with the system? Do I need to use PAM to achieve that?
>
> Yup, assuming that you're talking about Linux or other UNIX systems.
> That's the standard functionality of any Kerberos PAM module.
>
>> And what password will use when user login?
>
> The Kerberos password, usually, although you have various more complex
> options available to you in PAM configuration if you want.
>
> --
> Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
>
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
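An added example, not part of the original thread: the stack posted above with pam_krb5 lines inserted at the positions authconfig uses on Red Hat style systems. It assumes a pam_krb5 module is installed, /etc/krb5.conf already names the realm and KDC, and the accounts themselves resolve through NSS (local passwd or a directory), since pam_krb5 only handles the authentication step.

```conf
# /etc/pam.d/system-auth with Kerberos added (added example).
# On Fedora/RHEL this file is generated by authconfig and manual edits are
# overwritten on the next run; "authconfig --enablekrb5 --update" writes
# the same pam_krb5 lines.

auth     required    pam_env.so
auth     sufficient  pam_fprintd.so
auth     sufficient  pam_unix.so nullok try_first_pass
auth     requisite   pam_succeed_if.so uid >= 500 quiet
# Local password did not match: try the same password against the KDC.
# Placed after the uid check so system accounts (uid < 500) never reach it.
# On success the module obtains the user's TGT, replacing a manual kinit.
auth     sufficient  pam_krb5.so use_first_pass
auth     required    pam_deny.so

account  required    pam_unix.so
account  sufficient  pam_localuser.so
account  sufficient  pam_succeed_if.so uid < 500 quiet
# Users unknown to Kerberos are ignored; any other Kerberos failure
# (for example an expired principal) denies access.
account  [default=bad success=ok user_unknown=ignore] pam_krb5.so
account  required    pam_permit.so

password requisite   pam_cracklib.so try_first_pass retry=3 type=
password sufficient  pam_unix.so sha512 shadow nullok try_first_pass use_authtok
# Password changes for Kerberos users go to the KDC, reusing the new
# password that pam_cracklib already checked.
password sufficient  pam_krb5.so use_authtok
password required    pam_deny.so

session  optional    pam_keyinit.so revoke
session  required    pam_limits.so
-session optional    pam_systemd.so
session  [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session  required    pam_unix.so
# Removes the credential cache at logout.
session  optional    pam_krb5.so
```

Keep a root shell open while testing a changed stack, and confirm with klist after a fresh login that a ticket was issued.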
