I am sorry if I had hit the wrong list . can someone enlighten me about the PAM Kerberos authentication ( downloaded from fcusack) validating the TGT that it obtained with the host service principal's keytab entry (using the funciton verify_krb_v5_tgt) , I dont understand the purpose of doing this because the server machine is the one who gets the TGT on behalf of the client( principal ) and its the one who is handling the host entry also . And this call fails if the keytab file exists and there is no valid entry for the host service principal and the authentication will be successful if there is a valid entry for host principal or there is no keytab file at all . thanks in advance for the help . bandi
