NAME¶
pam_krb5_migrate - Kerberos 5 Migration PAM module
SYNOPSIS¶
auth optional pam_krb5_migrate.so
DESCRIPTION¶
pam_krb5_migrate is a stackable authentication module that takes a
username and password from an earlier module in the stack, and attempts to
transparently add them to a Kerberos realm using the Kerberos 5 kadmin
service.
The module can be used to ease the administrative burdens of
migrating a large installed userbase from pre-existing authentication
methods to a Kerberos-based setup.
OPTIONS¶
The following options may be passed to the authentication module:
- debug
- syslog(3) debugging information at LOG_DEBUG
level.
- keytab=<file>
- use alternate keytab for authentication (default is
/etc/security/pam_krb5.keytab).
- min_uid=<uid>
- don't add principals for uids lower than <uid>. (default is
100)
- principal=<name>
- use the key for <name> instead of the default
pam_migrate/<hostname> key
- realm=<REALM>
- update the database for a realm other than the default realm.
AUTHOR¶
pam_krb5_migrate was written by Steve Langasek <vorlon@netexpress.net>.
This manpage was assembled by Jelmer Vernooij <jelmer@samba.org>.
