47 lines
1.8 KiB
Plaintext
47 lines
1.8 KiB
Plaintext
|
|
PAM
|
|
---
|
|
|
|
Currently the PAM module has only been tested under Linux and SunOS5
|
|
(aka Solaris). Probably it will also work on other systems but that has
|
|
not yet been tried by us.
|
|
|
|
To build the module the argument `--enable-shared' must be passed to
|
|
`configure'. This is necessary because PAM modules are loaded as shared
|
|
libraries. Note that the shared libraries must also be available during
|
|
runtime for the PAM module to operate correctly. You may pass the
|
|
argument `debug' to the PAM module to trace configuration errors.
|
|
|
|
As an alternative to building shared libraries it is possible to build a
|
|
stand-alone PAM module, i.e a module that does not depend on any of the
|
|
Kerberos shared-libraries. To do this archive (`.a') libraries
|
|
containing position independent code are required. The following steps
|
|
can be used to build a stand-alone PAM module:
|
|
|
|
datan$ env CFLAGS=-fpic ./configure
|
|
datan$ make
|
|
datan$ cd lib/auth/pam
|
|
datan$ make
|
|
datan$ make install
|
|
|
|
Note that `--enable-shared' should not be passed to configure, setting
|
|
`CFLAGS' takes care of that. The module will be functional even if the
|
|
Kerberos libraries can not be loaded.
|
|
|
|
To use the module you should:
|
|
|
|
* Make sure that `pam_krb4.so' is available in `/usr/athena/lib'.
|
|
You might want to keep the module locally instead, `/lib/security'
|
|
can be a better alternative if `/usr/athena' is not on local disk.
|
|
|
|
* Look at `krb4-1.0.2/lib/auth/pam/pam.conf.add' for examples of what
|
|
to add to `/etc/pam.conf' (or the files in `/etc/pam.d').
|
|
|
|
The PAM module currently has no support for changing kerberos
|
|
passwords. Use kpasswd instead.
|
|
|
|
The PAM module was greatly influenced by Derrick J Brashear's
|
|
`<shadow@dementia.org>' Kerberos PAM module that can be found at
|
|
<ftp://ftp.dementia.org/pub/pam>.
|
|
|