[Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]]
Gary Winiger
gww at eng.sun.com
Thu Jul 19 13:33:28 PDT 2007
> Following diff shows:
>
> 1. revised -s text
> --s pam_service: where pam_service is the service name to be configured for
> - Kerberos authentication in the pam.conf(4) file
> --t: configure a simple broadcast/multicast NTP client
> +-s pam_service:{first | only | optional}[,...]
> + where pam_service is the service name to be configured for
> + Kerberos as the account authority in the pam.conf(4) file
> + first: try authenticating through Kerberos first, if this fails try to
> + authenticate through Unix
> + only: only try to authenticate through Kerberos
> + optional: try authenticating through Unix first, if this is successful
> + try to authenticate through Kerberos
> + multiple services can be delimited by commas (",")
> +
> + Three files will be installed with this project under /etc/security/pam:
> + pam_krb5_first
> + pam_krb5_only
> + pam_krb5_optional
> + These files pertain to the "include" references in pam.conf when the -s
> + option has been used for any service names specified.
Please install the files to "include" in the default place defined
in PSARC/2005/217 PAM include control flag. That is:
included PAM configuration
files are assumed to be relative to /usr/lib/security/.
Then absolute paths will not be required in "master" pam.conf.
Gary..
More information about the opensolaris-arc
mailing list