Difference between revisions of "Pam-krb5"
From CBLFS
Jump to navigationJump to search (New page: {| style="text-align: left; background-color: AliceBlue;" |-valign="top" !Download Source: | http://archives.eyrie.org/software/kerberos/pam-krb5-{{Pam-krb5-Version}}.tar.gz |} {{Package-...) |
|||
| (12 intermediate revisions by one other user not shown) | |||
| Line 2: | Line 2: | ||
|-valign="top" | |-valign="top" | ||
!Download Source: | !Download Source: | ||
| − | | http://archives.eyrie.org/software/ | + | | http://archives.eyrie.org/software/ARCHIVE/pam-krb5/pam-krb5-{{Pam-krb5-Version}}.tar.gz |
|} | |} | ||
| − | {{Package-Introduction| | + | {{Package-Introduction|pam-krb5 provides a Kerberos v5 PAM module that supports authentication, user ticket cache handling, simple authorization (via .k5login or checking Kerberos principals against local usernames), and password changing. It can be configured through either options in the PAM configuration itself or through entries in the system krb5.conf file, and it tries to work around PAM implementation flaws in commonly-used PAM-enabled applications such as OpenSSH and xdm.|http://www.eyrie.org/~eagle/software/pam-krb5/}} |
== Dependencies == | == Dependencies == | ||
| Line 11: | Line 11: | ||
=== Required === | === Required === | ||
* [[PAM Library]] | * [[PAM Library]] | ||
| − | * [[MIT krb5]] | + | * [[MIT krb5]] or [[Heimdal]] |
| − | == | + | == Non-Multilib == |
| + | |||
| + | Compile the package: | ||
| − | = | + | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && |
| + | ./configure --prefix=/usr --libdir=/lib && | ||
| + | make | ||
| + | Install the package: | ||
| + | make install && | ||
| + | chmod -v 755 /lib/security/pam_krb5.so | ||
== Multilib == | == Multilib == | ||
| Line 23: | Line 30: | ||
=== 32Bit === | === 32Bit === | ||
| − | + | Compile the package: | |
| + | |||
| + | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | ||
| + | CC="gcc ${BUILD32}" USE_ARCH=32 \ | ||
| + | ./configure --prefix=/usr --libdir=/lib && | ||
| + | make | ||
| + | |||
| + | Install the package: | ||
| + | |||
| + | make install && | ||
| + | chmod -v 755 /lib/security/pam_krb5.so | ||
=== N32 === | === N32 === | ||
| − | + | Compile the package: | |
| + | |||
| + | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | ||
| + | CC="gcc ${BUILDN32}" USE_ARCH=n32 \ | ||
| + | ./configure --prefix=/usr --libdir=/lib32 && | ||
| + | make | ||
| + | |||
| + | Install the package: | ||
| + | |||
| + | make install && | ||
| + | chmod -v 755 /lib32/security/pam_krb5.so | ||
=== 64Bit === | === 64Bit === | ||
| − | + | Compile the package: | |
| + | |||
| + | sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && | ||
| + | CC="gcc ${BUILD64}" USE_ARCH=64 \ | ||
| + | ./configure --prefix=/usr --libdir=/lib64 && | ||
| + | make | ||
| + | |||
| + | Install the package: | ||
| + | |||
| + | make install && | ||
| + | chmod -v 755 /lib64/security/pam_krb5.so | ||
| + | |||
| + | == Configuring == | ||
| + | |||
| + | If you want to authenticate passwords against Kerberos add pam_krb5.so to the pam system-auth file. The following commands insert pam_krb5.so after pam_unix.so in /etc/pam.d/system-auth: | ||
| + | |||
| + | sed -i "/auth.*pam_unix.so/a\auth sufficient pam_krb5.so try_first_pass" /etc/pam.d/system-auth && | ||
| + | sed -i "/account.*pam_unix.so/a\account required pam_krb5.so" /etc/pam.d/system-auth && | ||
| + | sed -i "/password.*pam_unix.so/a\password sufficient pam_krb5.so" /etc/pam.d/system-auth && | ||
| + | sed -i "/session.*pam_unix.so/a\session sufficient pam_krb5.so" /etc/pam.d/system-auth | ||
Latest revision as of 07:49, 17 December 2010
| Download Source: | http://archives.eyrie.org/software/ARCHIVE/pam-krb5/pam-krb5-3.15.tar.gz |
|---|
Contents
Introduction to Pam-krb5
pam-krb5 provides a Kerberos v5 PAM module that supports authentication, user ticket cache handling, simple authorization (via .k5login or checking Kerberos principals against local usernames), and password changing. It can be configured through either options in the PAM configuration itself or through entries in the system krb5.conf file, and it tries to work around PAM implementation flaws in commonly-used PAM-enabled applications such as OpenSSH and xdm.
Project Homepage: http://www.eyrie.org/~eagle/software/pam-krb5/
Dependencies
Required
Non-Multilib
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c && ./configure --prefix=/usr --libdir=/lib && make
Install the package:
make install && chmod -v 755 /lib/security/pam_krb5.so
Multilib
32Bit
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c &&
CC="gcc ${BUILD32}" USE_ARCH=32 \
./configure --prefix=/usr --libdir=/lib &&
make
Install the package:
make install && chmod -v 755 /lib/security/pam_krb5.so
N32
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c &&
CC="gcc ${BUILDN32}" USE_ARCH=n32 \
./configure --prefix=/usr --libdir=/lib32 &&
make
Install the package:
make install && chmod -v 755 /lib32/security/pam_krb5.so
64Bit
Compile the package:
sed -i "s/PAM_PREM_DENIED/PAM_IGNORE/" api-password.c &&
CC="gcc ${BUILD64}" USE_ARCH=64 \
./configure --prefix=/usr --libdir=/lib64 &&
make
Install the package:
make install && chmod -v 755 /lib64/security/pam_krb5.so
Configuring
If you want to authenticate passwords against Kerberos add pam_krb5.so to the pam system-auth file. The following commands insert pam_krb5.so after pam_unix.so in /etc/pam.d/system-auth:
sed -i "/auth.*pam_unix.so/a\auth sufficient pam_krb5.so try_first_pass" /etc/pam.d/system-auth && sed -i "/account.*pam_unix.so/a\account required pam_krb5.so" /etc/pam.d/system-auth && sed -i "/password.*pam_unix.so/a\password sufficient pam_krb5.so" /etc/pam.d/system-auth && sed -i "/session.*pam_unix.so/a\session sufficient pam_krb5.so" /etc/pam.d/system-auth
