From: rob.de.langhe@belgacom.be
Date: Thu Aug 25 2005 - 10:41:19 EDT
Maybe I have to rephrase my question, since I got no single reply yet
till now:
the question is more precisely about the /etc/pam.conf contents, to
achieve a behaviour similar with the directives in /etc/nsswitch.conf
for eg LDAP: first look in local files (/etc/shadow) to verify an
authentication, and only if the username is not found in local files,
proceed with an attempt to authenticate via the central Kerberos server.
having local accounts (such as "root" and others) defined in /etc/passwd
and /etc/shadow, we want to avoid that a similar account in the central
Kerberos server will overrule or affect what is defined locally.
1) is this possible ?
2) if so, via which mechanism ? PAM, KRB5.conf, external product ?
TIA
Rob
________________________________
From: DE LANGHE Rob (ITN/IRO)
Sent: 19 August 2005 11:40
To: sunmanagers@sunmanagers.org
Subject: can I exclude "root" authentication from using Kerberos ?
Hi,
running Solaris-9 and the bundled (SEAM) Kerberos, we want to find a
mechanism where Kerberos-authentication is only used when the presented
user is not found in the local files (/etc/passwd - /etc/shadow). Is
this possible? It protects us from depending on the external Kerberos
service when we need to login as -say- "root" ...
If anyone knows another concept of keeping "root" authentication local,
that's as much welcome!
TIA
Rob
**** DISCLAIMER ****
http://www.belgacom.be/maildisclaimer
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:31:23 EDT