Summary Solaris 10 dtlogin Kerberos Login

From: <Matthew.GARRETT_at_external.total.com>
Date: Tue Jun 09 2009 - 09:30:16 EDT
Thanks to Casper for his help and large amounts of input.

/etc/pam.conf needed the following entries

dtlogin auth requisite          pam_authtok_get.so.1
dtlogin auth required           pam_dhkeys.so.1
dtlogin auth required           pam_unix_cred.so.1
dtlogin auth sufficient         pam_krb5.so.1
dtlogin auth required           pam_unix_auth.so.1


Matthew
casper@holland.sun.com wrote on 09/06/2009 12:57:02:

> 

> 
> I believe the modules should be list properly, pretty much was
> pam_krb5(5) explains:
> 
>        dtlogin auth requisite          pam_smartcard.so.1
>        dtlogin auth requisite          pam_authtok_get.so.1
>        dtlogin auth required           pam_dhkeys.so.1
>        dtlogin auth required           pam_unix_cred.so.1
>        dtlogin auth sufficient         pam_krb5.so.1
>        dtlogin auth required           pam_unix_auth.so.1
> 
> 
> sufficient indicates that we can short-cut the pam stack; but as you
> listed it, we first run all the "required" modules and those will
> likely fail (probably, pam_unix_auth will fail); this should work:
> 

Registered in England and Wales No.811900B B B B B B B B B  
Registered Office 33 Cavendish Square, London W1G 0PW
This e-mail and any attachments are intended only for the person or entity
to whom it is addressed and may contain confidential or privileged
information.B  If you are not the addressee, any disclosure, reproduction,
copying, distribution, or use of this communication is strictly prohibited.
If you are not the intended recipient or person responsible for delivering
this message to the named addressee, please notify us immediately and delete
this e-mail.
It is the responsibility of the addressee to scan this email and any
attachments for computer viruses or other defects.  The sender does not
accept liability for any loss or damage of any nature, however caused,
which may result directly or indirectly from this email or any file attached.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Jun 9 09:30:28 2009

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:14 EST