[Fwd: kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]]
Gary Winiger
gww at eng.sun.com
Tue Jul 31 12:26:57 PDT 2007
> > Following diff shows:
> >
> > 1. revised -s text
>
> > --s pam_service: where pam_service is the service name to be configured for
> > - Kerberos authentication in the pam.conf(4) file
> > --t: configure a simple broadcast/multicast NTP client
> > +-s pam_service:{first | only | optional}[,...]
> > + where pam_service is the service name to be configured for
> > + Kerberos as the account authority in the pam.conf(4) file
> > + first: try authenticating through Kerberos first, if this fails try to
> > + authenticate through Unix
> > + only: only try to authenticate through Kerberos
> > + optional: try authenticating through Unix first, if this is successful
> > + try to authenticate through Kerberos
> > + multiple services can be delimited by commas (",")
> > +
> > + Three files will be installed with this project under /etc/security/pam:
> > + pam_krb5_first
> > + pam_krb5_only
> > + pam_krb5_optional
> > + These files pertain to the "include" references in pam.conf when the -s
> > + option has been used for any service names specified.
>
> Please install the files to "include" in the default place defined
> in PSARC/2005/217 PAM include control flag. That is:
> included PAM configuration
> files are assumed to be relative to /usr/lib/security/.
>
> Then absolute paths will not be required in "master" pam.conf.
Can we close on this issue from 2 weeks ago?
Gary..
More information about the opensolaris-arc
mailing list