Difference between revisions of "Pam-krb5"
(One intermediate revision by one other user not shown) | |||
Line 2: | Line 2: | ||
|-valign="top" | |-valign="top" | ||
!Download Source: | !Download Source: | ||
− | | http://archives.eyrie.org/software/ | + | | http://archives.eyrie.org/software/ARCHIVE/pam-krb5/pam-krb5-{{Pam-krb5-Version}}.tar.gz |
|} | |} | ||
Line 18: | Line 18: | ||
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | ||
− | |||
./configure --prefix=/usr --libdir=/lib && | ./configure --prefix=/usr --libdir=/lib && | ||
make | make | ||
Line 34: | Line 33: | ||
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | ||
− | |||
CC="gcc ${BUILD32}" USE_ARCH=32 \ | CC="gcc ${BUILD32}" USE_ARCH=32 \ | ||
./configure --prefix=/usr --libdir=/lib && | ./configure --prefix=/usr --libdir=/lib && | ||
Line 49: | Line 47: | ||
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | ||
− | |||
CC="gcc ${BUILDN32}" USE_ARCH=n32 \ | CC="gcc ${BUILDN32}" USE_ARCH=n32 \ | ||
./configure --prefix=/usr --libdir=/lib32 && | ./configure --prefix=/usr --libdir=/lib32 && | ||
Line 64: | Line 61: | ||
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | ||
− | |||
CC="gcc ${BUILD64}" USE_ARCH=64 \ | CC="gcc ${BUILD64}" USE_ARCH=64 \ | ||
./configure --prefix=/usr --libdir=/lib64 && | ./configure --prefix=/usr --libdir=/lib64 && |
Latest revision as of 06:49, 17 December 2010
Download Source: | http://archives.eyrie.org/software/ARCHIVE/pam-krb5/pam-krb5-3.15.tar.gz |
---|
Contents
Introduction to Pam-krb5
pam-krb5 provides a Kerberos v5 PAM module that supports authentication, user ticket cache handling, simple authorization (via .k5login or checking Kerberos principals against local usernames), and password changing. It can be configured through either options in the PAM configuration itself or through entries in the system krb5.conf file, and it tries to work around PAM implementation flaws in commonly-used PAM-enabled applications such as OpenSSH and xdm.
Project Homepage: http://www.eyrie.org/~eagle/software/pam-krb5/
Dependencies
Required
Non-Multilib
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && ./configure --prefix=/usr --libdir=/lib && make
Install the package:
make install && chmod -v 755 /lib/security/pam_krb5.so
Multilib
32Bit
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && CC="gcc ${BUILD32}" USE_ARCH=32 \ ./configure --prefix=/usr --libdir=/lib && make
Install the package:
make install && chmod -v 755 /lib/security/pam_krb5.so
N32
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && CC="gcc ${BUILDN32}" USE_ARCH=n32 \ ./configure --prefix=/usr --libdir=/lib32 && make
Install the package:
make install && chmod -v 755 /lib32/security/pam_krb5.so
64Bit
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && CC="gcc ${BUILD64}" USE_ARCH=64 \ ./configure --prefix=/usr --libdir=/lib64 && make
Install the package:
make install && chmod -v 755 /lib64/security/pam_krb5.so
Configuring
If you want to authenticate passwords against Kerberos add pam_krb5.so to the pam system-auth file. The following commands insert pam_krb5.so after pam_unix.so in /etc/pam.d/system-auth:
sed -i "/auth.*pam_unix.so/a\auth sufficient pam_krb5.so try_first_pass" /etc/pam.d/system-auth && sed -i "/account.*pam_unix.so/a\account required pam_krb5.so" /etc/pam.d/system-auth && sed -i "/password.*pam_unix.so/a\password sufficient pam_krb5.so" /etc/pam.d/system-auth && sed -i "/session.*pam_unix.so/a\session sufficient pam_krb5.so" /etc/pam.d/system-auth