>PAM (Pluggable Authentication Module) is an authentication architecture >(this is the keyword) that uses many authentication metods and one of this >metod is the so-called "shadow". In other words, they are not mutually >exclusive. You can use shadow, kerberos, and any other authentication >method "structured" in PAM.
A minor pedantic point: It's not possible to do Kerberos authentication within the PAM framework (because PAM takes a username/password pair). It's possible to do Kerberos PASSWORD authentication, but that's very different from true Kerberos authentication. --Ken
