On Sat, Aug 28, 2010 at 11:08 AM, Boyd Stephen Smith Jr. <b...@iguanasuicide.net> wrote: > >>(2) Or we need to change to use Kerberos instead of LDAP/PAM? > > I believe you can do "just" your NFS authentication with Kerberos and continue > using LDAP/PAM for most authentication; I have not tried that though. Yes and no. Technically, you can continue using pam_ldap module. But that means your users will have two passwords - one in LDAP and one in Kerberos, which is no a good idea. You can just replace pam_ldap module with pam_krb5 module in your pam stack and users should not feel the difference really (Plus you'll get bonuses like single-sign-on (SSO) for various network services like SSH).
-- Zaar -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktin=asf9koz5deyg70kswyukof6kqrsmajw90...@mail.gmail.com
