I see that we already have pam_krb5 installed.  Nice.  I would like
to:

  1. Move the pam_krb5 lines above the pam_unix lines so that Kerberos
     tickets are acquired when the user's Kerberos password is the
     same as their Unix password.

  2. Add "ignore_root" and "minimum_uid=100" to the pam_krb5 lines.

Also, we should install pam_openafs_session, which wraps each 

  apt-get install libpam-openafs-session

  # /etc/pam.d/common-session
  session required        pam_openafs_session.so program=/usr/bin/aklog

There is an added advantage to this: any daemons (such as an imapd)
which use the user's password to do pam-aware authentication will
automatically be AFS-aware.

Is this okay with people?

  - a

-- 
PGP/GPG: 5C9F F366 C9CF 2145 E770  B1B8 EFB1 462D A146 C380


_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
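
A check for the two changes proposed in the message above, as an added example that is not part of the original post: it reads a PAM stack file, reports when pam_krb5 sits below pam_unix for a given type, and flags pam_krb5 lines that lack ignore_root or minimum_uid. The function names and the sample stacks are constructed for illustration and are not HCoop's configuration.

```python
import re

# Fields: type, control (one word or [bracketed]), module, optional arguments.
RULE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return (type, module, args) for each rule, in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = RULE.match(line)
        if not m or line.startswith("@"):        # skip blanks and @include
            continue
        module = m.group(3).rsplit("/", 1)[-1]   # tolerate absolute paths
        rules.append((m.group(1).lstrip("-"), module, m.group(4).split()))
    return rules

def check(text, min_uid=100):
    """List deviations from the proposed layout (empty list means OK)."""
    rules, findings = parse(text), []
    for ptype in sorted({r[0] for r in rules}):
        mods = [r[1] for r in rules if r[0] == ptype]
        if ("pam_krb5.so" in mods and "pam_unix.so" in mods
                and mods.index("pam_krb5.so") > mods.index("pam_unix.so")):
            findings.append(f"{ptype}: pam_krb5 is below pam_unix")
    for ptype, module, args in rules:
        if module != "pam_krb5.so":
            continue
        if "ignore_root" not in args:
            findings.append(f"{ptype}: pam_krb5 lacks ignore_root")
        uid = next((a[12:] for a in args if a.startswith("minimum_uid=")), "")
        if not uid.isdigit() or int(uid) < min_uid:
            findings.append(f"{ptype}: pam_krb5 minimum_uid missing or below {min_uid}")
    return findings

# Constructed sample stacks (assumptions for illustration).
BEFORE = """\
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_krb5.so use_first_pass
auth required   pam_deny.so
"""
AFTER = """\
auth sufficient pam_krb5.so ignore_root minimum_uid=100
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required   pam_deny.so
"""

if __name__ == "__main__":
    for name, stack in (("before", BEFORE), ("after", AFTER)):
        print(name, check(stack) or "OK")
```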
