January 2009
Install the PAM Kerberos module:
apt-get install libpam-krb5
Configure it in /etc/krb5.conf
:
[appdefaults] forwardable = true pam = { minimum_uid = 1000 EXAMPLE.COM = { ignore_k5login = true } }
Configure PAM via /etc/pam.d/common-auth
:
auth sufficient pam_krb5.so minimum_uid=1000 use_first_pass try_pkinit auth required pam_unix.so nullok_secure
, /etc/pam.d/common-session
:
session required pam_krb5.so minimum_uid=1000 session required pam_unix.so
/etc/pam.d/common-account
:
account required pam_krb5.so minimum_uid=1000 account required pam_unix.so
/etc/pam.d/common-password
:
password sufficient pam_krb5.so minimum_uid=1000 use_first_pass try_pkinit password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
Try to su:
su - tuya
Password:
tuya@host:~$
And try to change the password:
passwd
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
passwd: password updated successfully