Introduction to the Kerberos Products and
PAM Kerberos
The pam.conf File on
#For per user configuration the libpam_updbe.1 (pam_updbe(5)) module
#must be the first module in the stack. If Kerberos authentication
#is valid the UNIX authentication function will not be invoked.
login | auth | required | libpam_updbe.so.1 |
login | auth | sufficient | libpam_krb5.so.1 |
login | auth | required | libpam_unix.so.1 try_first_pass |
login | password | required | libpam_updbe.so.1 |
login | password | required | libpam_krb5.so.1 |
login | password | required | libpam_unix.so.1 try_first_pass |
login | account | required | libpam_updbe.so.1 |
login | account | required | libpam_krb5.so.1 |
The pam_krb5 File on
login | account | required | /usr/lib/security/libpam_unix.1 |
login | session | required | /usr/lib/security/libpam_updbe.1 |
login | session | required | /usr/lib/security/libpam_krb5.1 |
login | session | required | /usr/lib/security/libpam_unix.1 |
The pam_krb5 File on
login | account | required | /usr/lib/security/$ISA/libpam_unix.so.1 |
login | session | required | /usr/lib/security/$ISA/libpam_updbe.so.1 |
login | session | required | /usr/lib/security/$ISA/libpam_krb5.so.1 |
login | session | required | /usr/lib/security/$ISA/libpam_unix.so.1 |
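The ordering rule stated in the pam.conf comments above can be checked mechanically. The following is an added example, not HP's pamkrbval and not part of the original manual. It assumes whitespace-separated pam.conf entries, a constructed sample, and hypothetical function names; the auth-stack checks (libpam_krb5 marked sufficient ahead of libpam_unix with try_first_pass) are taken from the listing shown above.

```python
import os
from collections import defaultdict

# Constructed sample in whitespace-separated pam.conf form (not from a real host).
# The auth stack is deliberately misordered: libpam_updbe is not first.
SAMPLE = """\
login  auth      sufficient  libpam_krb5.so.1
login  auth      required    libpam_updbe.so.1
login  auth      required    libpam_unix.so.1
login  password  required    libpam_updbe.so.1
login  password  required    libpam_krb5.so.1
login  password  required    libpam_unix.so.1 try_first_pass
"""

def parse_pam_conf(text):
    """Return {(service, type): [(control, module_basename, options), ...]} in file order."""
    stacks = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 4:
            continue  # blank, comment-only, or malformed line
        service, mtype, control, module = fields[:4]
        stacks[(service, mtype)].append((control, os.path.basename(module), fields[4:]))
    return stacks

def check_stacks(text):
    """Return a list of findings for the ordering rules described above."""
    findings = []
    for (service, mtype), entries in parse_pam_conf(text).items():
        names = [m for _, m, _ in entries]
        updbe = [i for i, m in enumerate(names) if m.startswith("libpam_updbe")]
        krb5 = [i for i, m in enumerate(names) if m.startswith("libpam_krb5")]
        unix = [i for i, m in enumerate(names) if m.startswith("libpam_unix")]
        where = f"{service}/{mtype}"
        if updbe and updbe[0] != 0:
            findings.append(f"{where}: libpam_updbe must be the first module in the stack")
        if mtype == "auth" and krb5 and unix:
            if krb5[0] > unix[0]:
                findings.append(f"{where}: libpam_krb5 should precede libpam_unix")
            if entries[krb5[0]][0] != "sufficient":
                findings.append(f"{where}: libpam_krb5 is not 'sufficient', so libpam_unix still runs")
            if "try_first_pass" not in entries[unix[0]][2]:
                findings.append(f"{where}: libpam_unix lacks try_first_pass")
    return findings

if __name__ == "__main__":
    for finding in check_stacks(SAMPLE):
        print(finding)
```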
The pamkrbval Tool
Use the pamkrbval tool to validate your PAM Kerberos configuration. This tool verifies the PAM Kerberos configuration files and enables the system administrator to diagnose problems, if any. The pamkrbval tool verifies the following files:
• /etc/pam.conf
• /etc/pam_user.conf
• /etc/krb5.conf
• /etc/krb5.keytab
This tool also checks if the default realm KDC is up and running.
The pamkrbval tool validates the following: