Introduction to the Kerberos Products and
PAM Kerberos
The Account Management Module
The Account Management module provides a function to perform account management. This function retrieves the user’s account and password expiration information from the Kerberos database and verifies that they have not expired. The module does not issue any warning if the account or the password is about to expire.
The following options can be passed to the Account Management module through the /etc/pam.conf(4) file:
debug | This option allows syslog(3C) debugging information |
| at LOG_DEBUG level. |
ignore | This option returns PAM_IGNORE. HP recommends not |
| using this option unless it is not necessary to |
| authenticate certain users or services with Kerberos. |
| In such cases you can use the ignore option in the |
| pam_user.conf file for per user configuration. |
| HP does not recommend using this option in the |
| pam.conf file. |
The Session Management Module
The session management module provides function to terminate sessions. It cleans up the credential cache file created by the Authentication module.
The following options can be passed to the session management module through the /etc/pam.conf(4) file:
debug | This option allows syslog(3C) debugging information |
| at LOG_DEBUG level. |
ignore | This option returns PAM_IGNORE. HP recommends not |
| using this option unless it is not necessary to |
| authenticate certain users or services with Kerberos. |
| In such cases you can use the ignore option in the |
| pam_user.conf file for per user configuration. HP |
| does not recommend using this option in the pam.conf |
| file. |
46 | Chapter 2 |