In article <[EMAIL PROTECTED]>, Russ Allbery <[EMAIL PROTECTED]> wrote: ... > The pam_krb5 modules that I've used either don't do this or only do this > when the keytab is available, presumably doing a security vs. ease of > deployment tradeoff. One difficulty is that if the authentication is not > being done as root, the PAM module needs something other than the host > keytab to use for verification, and I don't know of any PAM module that is > configurable enough to be pointed at any keytab and use that keytab for > verification. It would be a good thing to add, though.
Wonder if this situation is common enough to warrant library support for some default file convention, like /etc/krb5.keytab if root, otherwise ~/krb5.keytab. Not to say a configurable parameter isn't a good thing, too. Donn Cave, [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos