I think ignore_k5login together with no_ccache should achieve the same. Markus
"Sonja Benz" <[email protected]> wrote in message news:[email protected]... It allows user logins for user not known to the local host. In our case we want to use Kerberos as a kind of central and secure storage for user passwords. The user is able to authenticate via pam_krb5, but will gain host access for another identity / role. The manual page of Fedora pam_krb5 and the option no_user_check: no_user_check tells pam_krb5.so to not check if a user exists on the local system, to skip authorization checks using the user?s .k5login file, and to create ccache files owned by the current process?s UID. This is useful for situations where a non-privileged server process needs to use Kerberized services on behalf of remote users who may not have local access. Note that such a server should have an encrypted connection with its client in order to avoid allowing the user?s password to be eavesdropped. Sonja From: Russ Allbery <[email protected]> To: Sonja Benz/Germany/IBM@IBMDE Cc: [email protected] Date: 07/15/2011 09:50 PM Subject: Re: pam_krb5 for AIX Sonja Benz <[email protected]> writes: > That's great. We need a pam_krb5 which supports an option like > "no_user_check". I guess, yours does not? What does that option do? -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
