Oracle Solaris Administration: Security Services (Oracle Solaris 11 Information Library)
On login, a client that uses the pam_krb5 module verifies that the KDC that issued the latest TGT is the same KDC that issued the client host principal stored in /etc/krb5/krb5.keytab. The pam_krb5 module performs this verification when the module is configured in the authentication stack. For some configurations, such as DHCP clients that do not store a client host principal, this check must be disabled. To turn off the check, set the verify_ap_req_nofail option in the krb5.conf file to false. See How to Disable Verification of the Ticket-Granting Ticket for more information.
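For auditing which hosts run with this check turned off, the following shell function reports where a krb5.conf sets verify_ap_req_nofail to false. It is an added example, not part of the Oracle documentation; it assumes the option is placed in the [libdefaults] or [realms] section, and the function names and sample configuration are constructed.

```shell
# Added example, not Oracle's code. Lists where a krb5.conf disables the
# pam_krb5 KDC check; an unset option means the check stays on.
tgt_verify_audit() {    # usage: tgt_verify_audit [FILE]   (stdin if no FILE)
    awk '
        { line = $0; gsub(/[ \t\r]/, "", line) }          # ignore all whitespace
        line == "" || line ~ /^[#;]/ { next }             # blank or comment
        line ~ /^\[.*\]$/ {                               # [section] header
            sec = substr(line, 2, length(line) - 2); realm = ""; depth = 0; next
        }
        substr(line, length(line) - 1) == "={" {          # NAME = {  opens a block
            if (sec == "realms" && depth == 0) realm = substr(line, 1, length(line) - 2)
            depth++; next
        }
        line == "}" { if (--depth <= 0) { depth = 0; realm = "" } next }
        {
            eq = index(line, "=")
            key = substr(line, 1, eq - 1)
            val = tolower(substr(line, eq + 1))
            # Only the value "false" named in the text is treated as off.
            if (key == "verify_ap_req_nofail" && val == "false" &&
                (sec == "libdefaults" || sec == "realms")) {
                found = 1
                if (sec == "realms") print "disabled: realm " realm
                else print "disabled: [libdefaults] (all realms)"
            }
        }
        END { if (!found) print "enabled: verify_ap_req_nofail not set to false" }
    ' "$@"
}

# Constructed sample: a DHCP-client style config with the check off for one realm.
sample_krb5_conf() {
    cat <<'EOF'
[libdefaults]
        default_realm = EXAMPLE.COM
        # verify_ap_req_nofail = false
[realms]
        EXAMPLE.COM = {
                kdc = kdc1.example.com
                verify_ap_req_nofail = false
        }
        LAB.EXAMPLE.COM = {
                kdc = kdc2.example.com
        }
EOF
}

sample_krb5_conf | tgt_verify_audit
```

On a real host, run it as `tgt_verify_audit /etc/krb5/krb5.conf`; a "disabled" line on a system that does have a host principal in its keytab is worth reviewing.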