[31236] in Kerberos
Re: Logging on with cached ticket
daemon@ATHENA.MIT.EDU (Nikolay Shopik)
Fri Jun 5 10:59:18 2009
Message-ID: <4A29322D.6030707@inblock.ru>
Date: Fri, 05 Jun 2009 18:56:45 +0400
From: Nikolay Shopik <shopik@inblock.ru>
MIME-Version: 1.0
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <87skie21e5.fsf@windlord.stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 05.06.2009 18:36, Russ Allbery wrote:
> Nikolay Shopik<shopik@inblock.ru> writes:
>
>> Only thing I found is pam_krb5 which have existing_ticket
>> option. (tells pam_krb5.so to accept the presence of pre-existing
>> Kerberos credentials provided by the calling application in the
>> default credential cache as sufficient to authenticate the user, and
>> to skip any account management checks). While this available only in
>> Red Hat from what I see but not in Debian/Ubuntu.
>
> I could add it easily enough. I just never understood the use case.
> Could you explain more about how you end up in this situation? Where is
> the ticket coming from that's being used for authentication?
>
Option "existing_ticket" not available on Debian libpam-krb5 package.
I'm sorry which situation exactly?
Well ticket is coming from KDC when it was available and can be used
until it expired, from my understanding.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
