pam_krb5_migrate_mit(7)

Kerberos 5 Migration PAM module

Section 7 libpam-krb5-migrate-mit bookworm source

Description

pam_krb5_migrate

NAME

pam_krb5_migrate - Kerberos 5 Migration PAM module

SYNOPSIS

auth optional

pam_krb5_migrate.so

DESCRIPTION

pam_krb5_migrate is a stackable authentication module that takes a username and password from an earlier module in the stack, and attempts to transparently add them to a Kerberos realm using the Kerberos 5 kadmin service.

The module can be used to ease the administrative burdens of migrating a large installed userbase from pre-existing authentication methods to a Kerberos-based setup.

OPTIONS

The following options may be passed to the authentication module:

debug

syslog(3) debugging information at LOG_DEBUG level.

keytab=<file>

use alternate keytab for authentication (default is /etc/security/pam_krb5.keytab).

min_uid=<uid>

don’t add principals for uids lower than <uid>. (default is 100)

principal=<name>

use the key for <name> instead of the default pam_migrate/<hostname> key

realm=<REALM>

update the database for a realm other than the default realm.

AUTHOR

pam_krb5_migrate was written by Steve Langasek <vorlon@netexpress.net>. This manpage was assembled by Jelmer Vernooij <jelmer@samba.org>.

SEE ALSO

kadmin(1), pam_krb5(5), pam(3), libpam(4).