Tree @master (Download .tar.gz)
pam_krb5_migrate is a stackable authentication module that takes a username and password from an earlier module in the stack, and attempts to transparently add them to a Kerberos realm using the Kerberos 5 kadmin service. The module can be used to ease the administrative burdens of migrating a large installed userbase from pre-existing authentication methods to a Kerberos-based setup.
The most current version of this module can always be found at https://www.samba.org/~jelmer/pam_krb5_migrate
For sample usage in a module stack, see the enclosed login.pam file.
The following options are recognized by the module:
| option | description |
|---|---|
| debug | turn debug logging on |
| keytab=<file> | use alternate keytab for authentication (default is /etc/security/pam_krb5.keytab) |
| min_uid=<uid> | don't add principals for uid's lower than <uid>. (default is 100) |
| principal=<name> | use the key for <name> instead of the default pam_migrate/<hostname> key |
| realm=<REALM> | update the database for a realm other than the default realm. |
pam_krb5_migrate was written by Steve Langasek <vorlon@netexpress.net>.
Please send questions and comments (and especially bugfixes) to the current maintainer, Jelmer Vernooij <jelmer@samba.org>.
Commit History
@master
git clone https://jelmer.uk/code/pam-krb5-migrate/
- Format options table in rst. Jelmer Vernooij 1 year, 8 months ago
- Convert README to rst, update link to https. Jelmer Vernooij 1 year, 8 months ago
- Release 0.0.11. Jelmer Vernooij 5 years ago
- Allow easier build flag overriding. Jelmer Vernooij 5 years ago
- release 0.0.10. Jelmer Vernooij 7 years ago
- Fix compatibility with MIT kerberos. Jelmer Vernooij 7 years ago
- Cope with error header being named kadm_err.h for MIT. Jelmer Vernooij 7 years ago
- Fix kadm5_free_policy_ent use against Heimdal. Jelmer Vernooij 7 years ago
- Ignore aclocal.m4. Jelmer Vernooij 7 years ago
- Check for krb5-config.heimdal, too. Jelmer Vernooij 7 years ago