PAM
---
Currently the PAM module has only been tested under Linux and SunOS5
(aka Solaris). Probably it will also work on other systems but that has
not yet been tried by us.
To build the module the argument `--enable-shared' must be passed to
`configure'. This is necessary because PAM modules are loaded as shared
libraries. Note that the shared libraries must also be available during
runtime for the PAM module to operate correctly. You may pass the
argument `debug' to the PAM module to trace configuration errors.
As an alternative to building shared libraries it is possible to build a
stand-alone PAM module, i.e a module that does not depend on any of the
Kerberos shared-libraries. To do this archive (`.a') libraries
containing position independent code are required. The following steps
can be used to build a stand-alone PAM module:
datan$ env CFLAGS=-fpic ./configure
datan$ make
datan$ cd lib/auth/pam
datan$ make
datan$ make install
Note that `--enable-shared' should not be passed to configure, setting
`CFLAGS' takes care of that. The module will be functional even if the
Kerberos libraries can not be loaded.
To use the module you should:
* Make sure that `pam_krb4.so' is available in `/usr/athena/lib'.
You might want to keep the module locally instead, `/lib/security'
can be a better alternative if `/usr/athena' is not on local disk.
* Look at `krb4-1.0.2/lib/auth/pam/pam.conf.add' for examples of what
to add to `/etc/pam.conf' (or the files in `/etc/pam.d').
The PAM module currently has no support for changing kerberos
passwords. Use kpasswd instead.
The PAM module was greatly influenced by Derrick J Brashear's
`<shadow@dementia.org>' Kerberos PAM module that can be found at
<ftp://ftp.dementia.org/pub/pam>.