Sun Enterprise Authentication Mechanism 1.0.2 Guide

SEAM 1.0.2 Files

Table 5-1 SEAM 1.0.2 Files

File Name                 Description

/etc/krb5/krb5.keytab     Keytab file for network application servers
/etc/pam.conf             PAM configuration file
/tmp/krb5cc_uid           Default credentials cache (uid is the decimal UID of the user)
/tmp/ovsec_adm.xxxxxx     Temporary credentials cache for the lifetime of the password changing operation (xxxxxx is a random string)

PAM Configuration File

The default PAM configuration file delivered in the Solaris 9 release has entries to support acquiring initial credentials using the authentication module. Kerberos password aging is also supported, using the account and password modules. For a complete description of the Solaris 9 implementation, see "SEAM Files" in System Administration Guide: Security Services and the pam_krb5(5) man page.

When SEAM 1.0.2 files are installed, the following entries are appended to the /etc/pam.conf file.


ktelnet         auth required           pam_krb5.so.1 acceptor
krlogin         auth required           pam_krb5.so.1 acceptor
krsh            auth required           pam_krb5.so.1 acceptor

The acceptor option allows a properly authenticated and authorized remote user to log in without having to type a password. Because the user has been authenticated before trying the remote applications, the user does not need to be authenticated again on the remote host. See the krb5_auth_rules(5) man page for more information about authorization.
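
A check an administrator could run to see which services carry the acceptor entries listed above and whether any of the three SEAM entries has been removed or altered. This is an added example, not part of the SEAM guide; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Audit a pam.conf-style file for the SEAM 1.0.2 acceptor entries.
# Entry fields: service  module_type  control_flag  module_path  [options...]

# Print "service control_flag" for every auth entry that loads pam_krb5
# with the acceptor option. Comments and blank lines are ignored.
krb5_acceptor_services() {
    awk '
        { sub(/#.*/, "") }                      # drop comments, re-split fields
        NF < 4 { next }                         # not a complete entry
        $2 == "auth" && $4 ~ /(^|\/)pam_krb5\.so(\.[0-9]+)?$/ {
            for (i = 5; i <= NF; i++)
                if ($i == "acceptor") { print $1, $3; break }
        }
    ' "$1"
}

# Print each of ktelnet, krlogin, krsh that lacks an "auth required ... acceptor"
# entry. Returns 0 when all three match the entries SEAM appends, 1 otherwise.
missing_seam_entries() {
    found=$(krb5_acceptor_services "$1")
    rc=0
    for svc in ktelnet krlogin krsh; do
        if ! printf '%s\n' "$found" | grep -qx "$svc required"; then
            echo "$svc"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: the krsh entry has been changed to "optional"
# and a commented-out copy is left behind.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
login           auth required           pam_unix.so.1
ktelnet         auth required           pam_krb5.so.1 acceptor
krlogin         auth required           pam_krb5.so.1 acceptor
krsh            auth optional           pam_krb5.so.1 acceptor
#krsh           auth required           pam_krb5.so.1 acceptor
EOF

krb5_acceptor_services "$sample"
missing_seam_entries "$sample" || echo "entries listed above differ from the SEAM defaults"
```

On a live system, pass /etc/pam.conf as the argument instead of the sample file.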