Tree @master (Download .tar.gz)
pam_krb5_migrate is a stackable authentication module that takes a username and password from an earlier module in the stack, and attempts to transparently add them to a Kerberos realm using the Kerberos 5 kadmin service. The module can be used to ease the administrative burdens of migrating a large installed userbase from pre-existing authentication methods to a Kerberos-based setup.
The most current version of this module can always be found at https://www.samba.org/~jelmer/pam_krb5_migrate
For sample usage in a module stack, see the enclosed login.pam file.
The following options are recognized by the module:
|debug||turn debug logging on|
|keytab=<file>||use alternate keytab for authentication (default is /etc/security/pam_krb5.keytab)|
|min_uid=<uid>||don't add principals for uid's lower than <uid>. (default is 100)|
|principal=<name>||use the key for <name> instead of the default pam_migrate/<hostname> key|
|realm=<REALM>||update the database for a realm other than the default realm.|
pam_krb5_migrate was written by Steve Langasek <email@example.com>.
Please send questions and comments (and especially bugfixes) to the current maintainer, Jelmer Vernooĳ <firstname.lastname@example.org>.
git clone https://jelmer.uk/code/pam-krb5-migrate/
- Format options table in rst. Jelmer Vernooĳ 4 years ago
- Convert README to rst, update link to https. Jelmer Vernooĳ 4 years ago
- Release 0.0.11. Jelmer Vernooij 8 years ago
- Allow easier build flag overriding. Jelmer Vernooij 8 years ago
- release 0.0.10. Jelmer Vernooij 10 years ago
- Fix compatibility with MIT kerberos. Jelmer Vernooij 10 years ago
- Cope with error header being named kadm_err.h for MIT. Jelmer Vernooij 10 years ago
- Fix kadm5_free_policy_ent use against Heimdal. Jelmer Vernooij 10 years ago
- Ignore aclocal.m4. Jelmer Vernooij 10 years ago
- Check for krb5-config.heimdal, too. Jelmer Vernooij 10 years ago