On Monday, July 23, 2012 3:07:21 PM UTC-7, Philip Brown wrote:
> Could anyone inform as to the correct procedure?
> raw pam.conf lines would be nice, but any insight as to better kclient usage would be nice also.
eh, this seems to work for me now:
(Since tabs dont get transferred in cut-n-paste, you'll have to manually interpret this patch. I trust that it is clear.)
--- /etc/pam.conf.orig Thu Oct 20 16:04:04 2011
+++ pam.conf.krb5 Mon Jul 23 16:04:18 2012
@@ -17,6 +17,7 @@
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
+login auth sufficient pam_krb5.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
@@ -70,7 +71,9 @@
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_cred.so.1
+other auth sufficient pam_krb5.so.1
other auth required pam_unix_auth.so.1