Darren J Moffat wrote:
> Garrett D'Amore wrote:
>> Just to set my understanding straight: does the pam_krb5 module
>> combined with sudo's pam support provide full Kerberos
>> functionality? Are there any feature gaps from sudo's native
>> Kerberos support?
>
> The Kerberos support doesn't appear to be well documented (it isn't
> mentioned at all in the man page) so that is hard for me to tell.
> However it doesn't even build on Solaris, it compiles but fails to
> link against our libkrb5 due to missing symbols:
> krb5_get_init_creds_opt_alloc krb5_get_init_creds_opt_free.
>
> I believe that the following in /etc/pam.conf is equivalent (actually
> it is in some ways better because of pam_unix_cred) to building sudo
> with Kerberos support but I'm not completely sure (and I'm not the
> project team either).
>
> sudo auth required pam_unix_cred.so
> sudo auth required pam_krb5.so.
>
Thanks for the clarification. Sounds like just using PAM is definitely
the right approach for Solaris. :-)
-- Garrett
