[31235] in Kerberos
Re: Logging on with cached ticket
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Jun 5 10:38:40 2009
To: Nikolay Shopik <shopik@inblock.ru>
In-Reply-To: <4A28A736.8050500@inblock.ru> (Nikolay Shopik's message of "Fri\,
05 Jun 2009 09\:03\:50 +0400")
From: Russ Allbery <rra@stanford.edu>
Date: Fri, 05 Jun 2009 07:36:34 -0700
Message-ID: <87skie21e5.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Nikolay Shopik <shopik@inblock.ru> writes:
> Only thing I found is pam_krb5 which have existing_ticket
> option. (tells pam_krb5.so to accept the presence of pre-existing
> Kerberos credentials provided by the calling application in the
> default credential cache as sufficient to authenticate the user, and
> to skip any account management checks). While this available only in
> Red Hat from what I see but not in Debian/Ubuntu.
I could add it easily enough. I just never understood the use case.
Could you explain more about how you end up in this situation? Where is
the ticket coming from that's being used for authentication?
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
