Manualshelf

Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
31323334353637383940
Introduction to the Kerberos Products and GSS-API
PAM Kerberos
Chapter 234
Kerberos. If the user cannot be authenticated or if this
is the first authentication module in the stack, prompt
for a password.
ignore This option returns PAM_IGNORE. Generally this option
should not be used. However, it may not be desirable or
may not be necessary to authenticate certain users
(root, ftp, ...) with Kerberos. In such cases, you can use
this option in /etc/pam_user.conf(4) for per user
configuration. It is not recommended for you to use this
option in pam.conf(4). See the examples section.
Refer to /etc/pam.krb5 in Appendix A, “Sample pam.conf File,” for a
sample pam.conf file configured for PAM Kerberos.
Credential Cache
The credential management function in Kerberos sets user-specific
credentials. It stores the credentials in a cache file and exports an
environment variable, KRB5CCNAME, to identify the cache file. Any
subsequent kerberos service access can use the same credential file. The
name of that file is retrieved from the variable KRB5CCNAME.
A credential file is created in the /tmp directory -- when the user
accesses the system.
If the user first accessesthe systemfrom anysystem entry service -- such
as login, ftp, rlogin, or telnet -- a unique credential file is created in
the /tmp/creds directory. This file is named krb5cc_<ppid>_<pid>,
where ppid is the parent process and pid is the process id of the process
creating this credential file.
An example PAM configuration file is as shown below: