On Tue, Mar 13, 2012 at 6:45 PM, John Devitofranceschi <[email protected]> wrote:
> How is 'operator' going to authenticate?
>
> Will it have its own password and principal? Or will users be mapped to it
> via operator's .k5login or by using auth_to_local statements in krb5.conf?
>
> jd

The operator will log in to the machine using the "normal" Linux authentication screen.

I managed to successfully have tickets as user/fqdn by creating keytabs for that user and including "kinit -k -t <persistent keytab path>" in its profile. However, this solution makes me have to manually create a keytab file for each user in each machine, which I believe must not be a "good practice". Or should it be?

With some modified PAM module it can probably be done, I guess. I must confess I am no expert at all in handling PAM configuration...

On Tue, Mar 13, 2012 at 7:20 PM, Greg Hudson <[email protected]> wrote:
> On 03/13/2012 01:45 PM, John Devitofranceschi wrote:
> > How is 'operator' going to authenticate?
>
> The most workable interpretation of the request is that operator's
> password will be the Kerberos password of operator/fqdn, which will be
> different for each host.
>
> It looks like this may be possible with Russ's pam_krb5 using the
> alt_auth_map or search_k5login directives.
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
