Thanks for the advice, I think I've got it all working now. What I'm ultimately trying to do is set up a single sign on situation where all passwords etc. are stored with Kerberos and permissions etc are stored in an OpenLDAP database. I've nearly done this using pam_krb5 for authentication and I'm going to use pam_ldap for account information. Is it possible that if a user already has a kerberos ticket and has permission on the destination host that they can be logged on automatically without having to enter a password?
Yes, but not through PAM (AFAIK). This is more of an ssh question, but you can log into the first host with PAM and get your credentials, but then you need to use gssapi or gssapi-with-mic authentication (depending on if you have OpenSSH 3.7.x or 3.8x).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
