blob: 64a4915dbf480ede5a91daf3963981b72425f4b0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
--- /etc/pam.conf.DIST Mon Jul 20 15:37:46 1998
+++ /etc/pam.conf Tue Feb 15 19:39:12 2000
@@ -4,15 +4,19 @@
#
# Authentication management
#
+login auth sufficient /usr/athena/lib/pam_krb4.so
login auth required /usr/lib/security/pam_unix.so.1
login auth required /usr/lib/security/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin auth required /usr/lib/security/pam_unix.so.1
#
+dtlogin auth sufficient /usr/athena/lib/pam_krb4.so
dtlogin auth required /usr/lib/security/pam_unix.so.1
#
rsh auth required /usr/lib/security/pam_rhosts_auth.so.1
+# Reafslog is for dtlogin lock display
+other auth sufficient /usr/athena/lib/pam_krb4.so reafslog
other auth required /usr/lib/security/pam_unix.so.1
#
# Account management
@@ -24,6 +28,8 @@
#
# Session management
#
+dtlogin session required /usr/athena/lib/pam_krb4.so
+login session required /usr/athena/lib/pam_krb4.so
other session required /usr/lib/security/pam_unix.so.1
#
# Password management
---------------------------------------------------------------------------
To enable PAM in /bin/login and xdm under Red Hat 6.1 apply these patches:
--- /etc/pam.d/login~ Thu Jul 8 00:14:02 1999
+++ /etc/pam.d/login Mon Aug 30 14:33:12 1999
@@ -1,9 +1,12 @@
#%PAM-1.0
+# Updated to work with kerberos
+auth sufficient /lib/security/pam_krb4.so
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok shadow
+session required /lib/security/pam_krb4.so
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so
--- /etc/pam.d/xdm~ Mon Jun 14 17:39:05 1999
+++ /etc/pam.d/xdm Mon Aug 30 14:54:51 1999
@@ -1,8 +1,10 @@
#%PAM-1.0
+auth sufficient /lib/security/pam_krb4.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+session required /lib/security/pam_krb4.so
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so
--------------------------------------------------------------------------
This stuff may work under some other system.
# To get this to work, you will have to add entries to /etc/pam.conf
#
# To make login kerberos-aware, you might change pam.conf to look
# like:
# login authorization
login auth sufficient /lib/security/pam_krb4.so
login auth required /lib/security/pam_securetty.so
login auth required /lib/security/pam_unix_auth.so
login account required /lib/security/pam_unix_acct.so
login password required /lib/security/pam_unix_passwd.so
login session required /lib/security/pam_krb4.so
login session required /lib/security/pam_unix_session.so
|
