On Monday, April 02, 2007 10:33:31 AM +0100 Darren J Moffat <Darren.Moffat at Sun.COM> wrote:
> Shawn M Emery wrote: >> The stack configuration is for authentication and attempts to add a >> pam_krb5 entry with a sufficient control flag after pam_unix_cred. For >> example, sshd-kbdint would look like: >> >> sshd-kbdint auth requisite pam_authtok_get.so.1 >> sshd-kbdint auth required pam_dhkeys.so.1 >> sshd-kbdint auth required pam_unix_cred.so.1 >> sshd-kbdint auth sufficient pam_krb5.so.1 >> sshd-kbdint auth required pam_unix_auth.so.1 >> > > Why sufficient rather than binding ? Because binding would prevent me from logging in using only a local password? -- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA
