
RedHat 9 (Linux i386) - man page for pam_krb5afs (redhat section 5)


pam_krb5afs(5)			  System Administrator's Manual 		   pam_krb5afs(5)

       pam_krb5afs - Kerberos 5 authentication with AFS support

       pam_krb5afs.so uses a portion of krb5.conf to get its configuration information. You
       should read the krb5.conf(5) man page before continuing here. The module expects its
       configuration information to be in the pam subsection of the appdefaults section of the
       krb5.conf configuration file (for backward compatibility, the pam section is also checked
       for the same directives).

       debug
	      turns on debugging via syslog(3).

	      disables	the  checking  of the address in the ticket. Allows the ticket to be used
	      from behind NAT firewalls, or on machines whose IP address changes regularly.

       afs_cells
	      specifies which cells you want to get tokens for. Set this to the list of all of
	      your local cells. The default is the current realm name converted to lower case.

	    specifies  what  kind  of  password  the  module claims to be changing when called to
	    change passwords.  The default is Kerberos 5.

       ccache_dir
	    specifies the directory to place credential cache files in.

       forwardable
	    controls whether or not credentials are forwardable. If not specified, they are.

       hosts
	    specifies which other hosts credentials obtained by pam_krb5afs will be good on. If
	    your host is behind a firewall, you should add the IP address or name that the KDC
	    sees it as to this list.

	    specifies the number of seconds to wait for the first KDC to respond, before
	    attempting incremental backoff.

	    specifies the name of a keytab file to find a key for the required_tgs in, for use in
	    validating TGTs.

       krb4_convert
	    controls whether or not pam_krb5 tries to get Kerberos IV credentials from the KDC
	    (or using the krb524d service on the KDC) and create ticket files with them. Unless
	    you've converted everything on your network over to use Kerberos 5, you'll want to
	    leave this set to true. Note that this requires valid Kerberos IV configuration data
	    to be present in /etc/krb.conf and /etc/krb.realms.

	    specifies the maximum amount of time to spend in attempting to get a reply	from  the
	    KDCs,  in  seconds. This in effect determines the amount of time before PAM tries the
	    next authentication scheme, if the network is not available.

	    specifies the minimum UID of users being authenticated.  If a user with  a	UID  less
	    than this value attempts authentication, the request will be ignored.

	    controls whether or not credentials are proxiable.	If not specified, they are.

       renew_lifetime
	    default renewable lifetime. This specifies how much time you have after getting
	    credentials to renew them.

       required_tgs
	    specifies a principal for which a user must be able to get a session key for the
	    purpose of verifying that the TGT has not been forged. The key is decrypted using a
	    copy of the service's key stored in a local keytab file. This is the only certain
	    way to be absolutely sure the TGT hasn't been forged. The default is host@hostname.

	    specifies whether or not to retain the ticket after closing the session.  The default
	    is false.

       ticket_lifetime
	    default credential lifetime.

	    specifies the number of bits left to shift after each timeout,  in	implementing  the
	    incremental backoff in talking to the KDCs.

       validate
	    specifies whether or not to attempt validation of the TGT. The default is false.

	 [appdefaults]
	 pam = {
	   debug = true
	   ticket_lifetime = 36000
	   renew_lifetime = 36000
	   forwardable = true
	   krb4_convert = true
	   afs_cells = transarc.com foo.example.edu
	   hosts = thermo.example.edu alf.example.edu
	   validate = true
	   required_tgs = host/thermo.example.edu
	   ccache_dir = /var/tmp
	 }
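
       The following Python check is an added example, not part of the original man page or of
       the pam_krb5 code. It reads the pam subsection of appdefaults and reports how the TGT
       validation and delegation directives described above resolve against the defaults this
       page states. The function names, the sample configuration and the finding texts are
       assumptions of the example.

```python
import re

# Defaults this man page states for directives named in its own example.
PAGE_DEFAULTS = {"validate": "false", "forwardable": "true",
                 "required_tgs": "host@hostname"}

# Constructed sample: a pam subsection that leaves validation at its default.
SAMPLE_CONF = """\
[appdefaults]
  pam = {
    debug = true
    krb4_convert = true
  }
"""

def parse_pam_subsection(text):
    """Return the directives inside pam = { ... } under [appdefaults]."""
    section, in_pam, found = None, False, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, in_pam = header.group(1), False
        elif section == "appdefaults" and re.fullmatch(r"pam\s*=\s*\{", line):
            in_pam = True
        elif in_pam and line == "}":
            in_pam = False
        elif in_pam and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            found[key] = value
    return found

def audit(found):
    """List findings on TGT validation and credential delegation."""
    eff = {**PAGE_DEFAULTS, **found}         # explicit settings override defaults
    out = []
    if eff["validate"].lower() != "true":
        out.append("validate off: TGT is never checked against a local service key")
    elif "required_tgs" not in found:
        out.append("validate on with default required_tgs host@hostname: check the keytab holds that key")
    if eff["forwardable"].lower() == "true":
        out.append("forwardable credentials are issued")
    if eff.get("krb4_convert", "").lower() == "true":
        out.append("krb4_convert on: Kerberos IV ticket files are also created")
    return out

print("\n".join(audit(parse_pam_subsection(SAMPLE_CONF))))
```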



       Probably, but let's hope not.  If you find any, please email the author.

       Nalin Dahyabhai <nalin@redhat.com>

Red Hat Linux				    2002/02/15				   pam_krb5afs(5)