-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/17/2010 05:02 PM, Christoph Höger wrote: > >> If you had access to the school's LDAP setup (and I suspect they'd tell >> you if you asked) SSSD does what you're looking for internally. > > Neither do I have access to that LDAP (though it might be technically > possible to connect to it, this is just not a supported use case) nor do > I want to rely on the it infrastructure of my university for my > workstation. > >> But if I'm understanding you right, you want to just use a local login >> and do a kinit (I don't know what 'kstart' means) when you log in. > > This is exactly what I want. It seems like pam usually can do this: > > http://techpubs.spinlocksolutions.com/dklar/kerberos.html#id2503053 > > But since fedora ships with a custom /etc/pam.d layout due to sssd > (which, as we discussed, cannot handle that use case), I'd like to know, > if I still (meaning with sssd in place) can apply the above mentioned > method. > > Btw: kstart is a kinit replacement that allows running arbitrary > commands after getting tickets. > > What makes you think that SSSD would prevent this? That PAM configuration has nothing to do with whether you can kinit after login. That configuration in the link you specified does EXACTLY the same thing that SSSD does: if you log in with a username that Kerberos understands, you immediately get a ticket. If you don't (i.e. you log in with a local account), then you can still do 'kinit', which has nothing to do with PAM. All you need to have set up for kinit is /etc/krb5.conf - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxr2REACgkQeiVVYja6o6OnIgCfT6Pva3mq7pW4JCgZZXOvzCqM B74AnA68Gm/eW0IF27CXBMtIbevaPnAW =KLlG -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines