[31283] in Kerberos
Re: Linux kerberos authentication ; gdm
daemon@ATHENA.MIT.EDU (Bjoern Tore Sund)
Mon Jul 6 04:17:18 2009
Message-ID: <4A51B2ED.1040504@it.uib.no>
Date: Mon, 06 Jul 2009 10:16:45 +0200
From: Bjoern Tore Sund <bjorn.sund@it.uib.no>
MIME-Version: 1.0
To: Nicolas Michel <nicolas.michel@lemail.be>
In-Reply-To: <1246865726.5299.20.camel@nm-laptop>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Nicolas Michel wrote:
> Hi here,
>
> I want to authenticate some linux computers (ubuntu) on a kerberos
> server, linked to an ldap one. I see how to do that with pam.
> But I have two questions :
> - is there an "offline" mode? (if I have no access to the internet I
> want to have access to my session)
Not with Kerberos itself, unless you start configuring a Kerberos server
slave on each client... You may want to have a look at pam_usersync,
https://sourceforge.net/projects/pam-usersync/develop - there are man
pages in the code explaining how to use it. It syncronises user data
into local passwd files if a successful network login is done. Works
with any network authentication system, we're using it with Kerberos for
our Linux laptops.
> - with gdm, is it possible to get a window when the password must be
> changed (and where must I configure that password policy? On the
> kerberos server?)
Sorry, outside of what I've looked at.
-BT
--
Bjørn Tore Sund Phone: 555-84894 Email: bjorn.sund@it.uib.no
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
