NAME¶
pam_krb5_migrate - Kerberos 5 Migration PAM module
SYNOPSIS¶
auth optional pam_krb5_migrate.so
DESCRIPTION¶
pam_krb5_migrate is a stackable authentication module that takes a
username and password from an earlier module in the stack, and attempts to
transparently add them to a Kerberos realm using the Kerberos 5 kadmin
service.
The module can be used to ease the administrative burdens of migrating a large
installed userbase from pre-existing authentication methods to a
Kerberos-based setup.
OPTIONS¶
The following options may be passed to the authentication module:
- debug
- syslog(3) debugging information at
LOG_DEBUG level.
- keytab=<file>
- use alternate keytab for authentication (default is
/etc/security/pam_krb5.keytab).
- min_uid=<uid>
- don't add principals for uids lower than <uid>.
(default is 100)
- principal=<name>
- use the key for <name> instead of the default
pam_migrate/<hostname> key
- realm=<REALM>
- update the database for a realm other than the default
realm.
AUTHOR¶
pam_krb5_migrate was written by Steve Langasek <vorlon@netexpress.net>.
This manpage was assembled by Jelmer Vernooij <jelmer@samba.org>.
SEE ALSO¶
kadmin(1),
pam_krb5(5),
pam(3),
libpam(4).