Garrett D'Amore wrote:
> Just to set my understanding straight: does the pam_krb5 module combined 
> with sudo's pam support provide full Kerberos functionality?  Are there 
> any feature gaps from sudo's native Kerberos support?

The Kerberos support doesn't appear to be well documented (it isn't
mentioned at all in the man page), so that is hard for me to tell.
However, it doesn't even build on Solaris: it compiles but fails to link
against our libkrb5 due to missing symbols:
krb5_get_init_creds_opt_alloc krb5_get_init_creds_opt_free.

I believe that the following in /etc/pam.conf is equivalent (actually it
is in some ways better because of pam_unix_cred) to building sudo with
Kerberos support, but I'm not completely sure (and I'm not the project
team either).

sudo auth required pam_unix_cred.so
sudo auth required pam_krb5.so.

-- 
Darren J Moffat
