[Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]]
Gary Winiger
gww at eng.sun.com
Wed Jul 11 07:44:23 PDT 2007
> Gary Winiger wrote:
> >> -s pam_service: where pam_service is the service name to be configured for
> >> Kerberos authentication in the pam.conf(4) file
> >>
> >
> > What becomes of the account and password module type stacks?
> >
> Those are left untouched as the configurations that I've seen for these
> can range quite a bit.
> > I understand that session is a pam_krb5(5) no-op, but for
> > completeness what becomes of the session module type stack?
> >
> This is left untouched as well.

Now I am confused. The default delivered pam.conf(4) doesn't
deliver account management, password or session entries for
pam_krb5(5). Are you saying these stacks are unnecessary and
the pam_krb5(5) man page is incorrect?

As I read kclient, I would have expected all I needed to correctly
configure a service would have been -s <service>.

If that's not the case, then it seems to me that either the
pam_krb5(5) man page needs correction, or kclient needs to do more
work, or the kclient man page needs to say -s only does part of the
job and the admin must use $EDITOR to do the rest as described on
the pam_krb5(5) man page.

Gary..
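
The gap discussed in this thread can be checked on a configured host. The following is an added example, not part of the original message and not kclient code: it reports, for one service, which pam.conf(4) module-type stacks actually apply (the service's own entries, or the `other` fallback) and whether each one names pam_krb5. The sample file contents, the `ftp` service name and the function names are constructed for illustration.

```python
# Added example: audit which PAM module-type stacks reference pam_krb5 for a service.
MODULE_TYPES = ("auth", "account", "password", "session")

# Constructed sample in pam.conf(4) layout: service, module type, control flag, module path.
SAMPLE_PAM_CONF = """\
# constructed sample, not a delivered pam.conf
ftp     auth     requisite   pam_authtok_get.so.1
ftp     auth     sufficient  pam_krb5.so.1
ftp     auth     required    pam_unix_auth.so.1
other   auth     requisite   pam_authtok_get.so.1
other   auth     required    pam_unix_auth.so.1
other   account  requisite   pam_roles.so.1
other   account  required    pam_unix_account.so.1
other   session  required    pam_unix_session.so.1
other   password required    pam_dhkeys.so.1
other   password requisite   pam_authtok_get.so.1
other   password required    pam_authtok_store.so.1
"""

def parse_pam_conf(text):
    """Return {(service, module_type): [module_path, ...]} in file order."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[1].lower() not in MODULE_TYPES:
            continue  # blank, comment-only, or malformed line
        key = (fields[0].lower(), fields[1].lower())
        stacks.setdefault(key, []).append(fields[3])
    return stacks

def krb5_coverage(text, service, module="pam_krb5"):
    """For each module type, report which stack applies to `service`
    (its own entries, else the `other` fallback) and whether it names `module`."""
    stacks = parse_pam_conf(text)
    service = service.lower()
    report = {}
    for mtype in MODULE_TYPES:
        source = service if (service, mtype) in stacks else "other"
        paths = stacks.get((source, mtype), [])
        has = any(p.rsplit("/", 1)[-1].startswith(module) for p in paths)
        report[mtype] = (source, has)
    return report

if __name__ == "__main__":
    for mtype, (source, has) in krb5_coverage(SAMPLE_PAM_CONF, "ftp").items():
        state = "present" if has else "absent"
        print(f"ftp {mtype:<8} stack from '{source}': pam_krb5 {state}")
```

On the constructed sample, only the auth stack for `ftp` names pam_krb5; account, password and session fall through to `other` without it.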