Date: Thu, 5 May 2005 11:31:11 -0600 From: Tillman Hodgson <tillman@seekingfire.com> To: freebsd-questions@freebsd.org Subject: Re: Kerberos 5 Message-ID: <20050505173111.GR91867@seekingfire.com> In-Reply-To: <20050505171131.40764.qmail@web50401.mail.yahoo.com> References: <20050505154510.38AC516A4FE@hub.freebsd.org> <20050505171131.40764.qmail@web50401.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 05, 2005 at 10:11:30AM -0700, Damian Sobieralski wrote: > Followup up: > > If AFTER I log in, I issue > kinit and type my password in. Now when I > do a klist I get ticket information. Shouldn't the pam module do this > aotomatically (call kinit)? PAM does not map well to Kerberos, unfortunately. Generally speaking you want to avoid PAM with Kerberos if you can possibly use native Kerberos :-) I haven't used pam_krb5 in a long time, but perhaps I can help debug things. Can you post your PAM configure for however it is that you're logging in? (SSH, local console, kerberos telnet, etc). The ccache= option to the PAM module looks applicable, for example. -T -- Do not meddle in the affairs of sysadmins, for they can make your life miserable by doing nothing.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050505173111.GR91867>