On feb 10 11:27, Greg Troxel wrote: > Thanks for posting your note. Thanks to you for the comments! :)
[...] > For kadmin, there is a notion of an admin instance of principal and that > the admin instance is on the acl to do things, but the person's regular > instance isn't. This is culture, not spec, but good to know. If you are mentioning the difference between e.g. jenni...@athena.mit.edu and jennifer/ad...@athena.mit.edu mentioned here <http://web.mit.edu/KERBEROS/krb5-1.5/krb5-1.5.4/doc/krb5-user/What-is-a-Kerberos-Principal_003f.html> yes, I got it. > The culture is to use GSSAPI for authentication, not direct krb5. I am > really unclear on the PAM module scene. I am too, unfortunately. But IIUC, GSSAPI is used in ssh connections and is not mentioned in PAM modules. Anyway, take this with a grain of salt, because I'm not very skilled about it. Sorry for the huge delay in this reply. I'm sure having checked the mail after the Kerberos message, and there was no new mail, maybe due to some problem in my server. Rocky
