GNU/Linux | RedHat 6.2(Zoot)
pam_krb5(5)
pam_krb5 − Kerberos 5 authentication
pam_krb5.so uses a portion of krb5.conf to get its configuration information. You should read the krb5.conf(5) man page before continuing here. The module expects its configuration information to be in the pam section of the krb5.conf configuration file.
debug
turns on debugging via syslog(3). Can be set to true or false.
ticket_lifetime
default ticket lifetime. If not specified, the default is 36000 seconds (10 hours).
renew_lifetime
default renewable lifetime. This specifies how much time you have after getting credentials to renew them. If not specified, the default is 36000 seconds (10 hours).
forwardable
controls whether or not tickets are forwardable. If not specified, they are.
krb4_convert
controls whether or not pam_krb5 tries to get Kerberos IV tickets using the krb524d service on the KDC and create ticket files with them. Unless you’ve converted everything on your system over to use Kerberos 5, you’ll want to leave this set to true.
hosts
specifies which other hosts tickets obtained by pam_krb5 will be good on. If your host is behind a firewall, you should add the IP address or name that the KDC sees it as to this list.
required_tgs
specifies a principal for which a user must be able to get a TGS in order to be allowed access. This is the only certain way to be absolutely sure the TGT hasn’t been forged, and should always be used. This test is disabled by default because its value is site-specific.
[pam]
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = true
hosts = thermo.example.edu alf.example.edu
required_tgs = zephyr/zephyr
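A small audit of the [pam] section described above, added here as an example (it is not part of pam_krb5 or of this man page): it applies the defaults this page states and reports when required_tgs is missing from [pam] or has been placed in another section, where the module will not read it. The function names and the two sample configurations are constructed for illustration.

```python
import re

# Defaults this page states; directives with no stated default are left out.
DOCUMENTED_DEFAULTS = {"ticket_lifetime": "36000", "renew_lifetime": "36000",
                       "forwardable": "true"}

def parse_sections(text):
    """Parse krb5.conf-style text into {section: {key: value}} (flat keys only)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit_pam_krb5(text):
    """Return (effective [pam] settings, findings) for one krb5.conf."""
    sections = parse_sections(text)
    effective = {**DOCUMENTED_DEFAULTS, **sections.get("pam", {})}
    findings = []
    if not effective.get("required_tgs"):
        findings.append("required_tgs unset in [pam]: TGT verification test is disabled")
        for name, keys in sections.items():
            if name != "pam" and "required_tgs" in keys:
                findings.append(f"required_tgs appears under [{name}], not [pam]")
    return effective, findings

# Constructed sample inputs (not taken from a real host).
WEAK = """[libdefaults]
 default_realm = EXAMPLE.EDU
 required_tgs = zephyr/zephyr
[pam]
 debug = false
 hosts = thermo.example.edu
"""
HARDENED = WEAK.replace(" required_tgs = zephyr/zephyr\n", "") + " required_tgs = zephyr/zephyr\n"

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        effective, findings = audit_pam_krb5(conf)
        print(label, effective, findings or "ok")
```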
/etc/krb5.conf
pam_krb5(8)
Possibly, but let’s hope not. If you find any, please email the author.
Nalin Dahyabhai <nalin@redhat.com>