Difference between revisions of "Pam-krb5"
(→Configuring) |
|||
(2 intermediate revisions by one other user not shown) | |||
Line 2: | Line 2: | ||
|-valign="top" | |-valign="top" | ||
!Download Source: | !Download Source: | ||
− | | http://archives.eyrie.org/software/ | + | | http://archives.eyrie.org/software/ARCHIVE/pam-krb5/pam-krb5-{{Pam-krb5-Version}}.tar.gz |
|} | |} | ||
Line 17: | Line 17: | ||
Compile the package: | Compile the package: | ||
− | sed -i | + | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && |
./configure --prefix=/usr --libdir=/lib && | ./configure --prefix=/usr --libdir=/lib && | ||
make | make | ||
Line 32: | Line 32: | ||
Compile the package: | Compile the package: | ||
− | sed -i | + | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && |
CC="gcc ${BUILD32}" USE_ARCH=32 \ | CC="gcc ${BUILD32}" USE_ARCH=32 \ | ||
./configure --prefix=/usr --libdir=/lib && | ./configure --prefix=/usr --libdir=/lib && | ||
Line 46: | Line 46: | ||
Compile the package: | Compile the package: | ||
− | sed -i | + | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && |
CC="gcc ${BUILDN32}" USE_ARCH=n32 \ | CC="gcc ${BUILDN32}" USE_ARCH=n32 \ | ||
./configure --prefix=/usr --libdir=/lib32 && | ./configure --prefix=/usr --libdir=/lib32 && | ||
Line 60: | Line 60: | ||
Compile the package: | Compile the package: | ||
− | sed -i | + | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && |
CC="gcc ${BUILD64}" USE_ARCH=64 \ | CC="gcc ${BUILD64}" USE_ARCH=64 \ | ||
./configure --prefix=/usr --libdir=/lib64 && | ./configure --prefix=/usr --libdir=/lib64 && |
Latest revision as of 06:49, 17 December 2010
Download Source: | http://archives.eyrie.org/software/ARCHIVE/pam-krb5/pam-krb5-3.15.tar.gz |
---|
Contents
Introduction to Pam-krb5
pam-krb5 provides a Kerberos v5 PAM module that supports authentication, user ticket cache handling, simple authorization (via .k5login or checking Kerberos principals against local usernames), and password changing. It can be configured through either options in the PAM configuration itself or through entries in the system krb5.conf file, and it tries to work around PAM implementation flaws in commonly-used PAM-enabled applications such as OpenSSH and xdm.
Project Homepage: http://www.eyrie.org/~eagle/software/pam-krb5/
Dependencies
Required
Non-Multilib
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && ./configure --prefix=/usr --libdir=/lib && make
Install the package:
make install && chmod -v 755 /lib/security/pam_krb5.so
Multilib
32Bit
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && CC="gcc ${BUILD32}" USE_ARCH=32 \ ./configure --prefix=/usr --libdir=/lib && make
Install the package:
make install && chmod -v 755 /lib/security/pam_krb5.so
N32
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && CC="gcc ${BUILDN32}" USE_ARCH=n32 \ ./configure --prefix=/usr --libdir=/lib32 && make
Install the package:
make install && chmod -v 755 /lib32/security/pam_krb5.so
64Bit
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && CC="gcc ${BUILD64}" USE_ARCH=64 \ ./configure --prefix=/usr --libdir=/lib64 && make
Install the package:
make install && chmod -v 755 /lib64/security/pam_krb5.so
Configuring
If you want to authenticate passwords against Kerberos add pam_krb5.so to the pam system-auth file. The following commands insert pam_krb5.so after pam_unix.so in /etc/pam.d/system-auth:
sed -i "/auth.*pam_unix.so/a\auth sufficient pam_krb5.so try_first_pass" /etc/pam.d/system-auth && sed -i "/account.*pam_unix.so/a\account required pam_krb5.so" /etc/pam.d/system-auth && sed -i "/password.*pam_unix.so/a\password sufficient pam_krb5.so" /etc/pam.d/system-auth && sed -i "/session.*pam_unix.so/a\session sufficient pam_krb5.so" /etc/pam.d/system-auth