+++ /dev/null
-<!--
- $Id$
-
- This file was written by Derrick J. Brashear <shadow@DEMENTIA.ORG>
--->
-
-<sect1>The Kerberos 4 module.
-
-<sect2>Synopsis
-
-<p>
-<descrip>
-
-<tag><bf>Module Name:</bf></tag>
-<tt/pam_krb4/
-
-<tag><bf>Author:</bf></tag>
-Derrick J. Brashear <shadow@dementia.org>
-
-<tag><bf>Maintainer:</bf></tag>
-Author.
-
-<tag><bf>Management groups provided:</bf></tag>
-authentication; password; session
-
-<tag><bf>Cryptographically sensitive:</bf></tag>
-uses API
-
-<tag><bf>Security rating:</bf></tag>
-
-<tag><bf>Clean code base:</bf></tag>
-
-<tag><bf>System dependencies:</bf></tag>
-libraries - <tt/libkrb/, <tt/libdes/, <tt/libcom_err/, <tt/libkadm/;
-and a set of Kerberos include files.
-
-<tag><bf>Network aware:</bf></tag>
-Gets Kerberos ticket granting ticket via a Kerberos key distribution
-center reached via the network.
-
-</descrip>
-
-<sect2>Overview of module
-
-<p>
-This module provides an interface for doing Kerberos verification of a
-user's password, getting the user a Kerberos ticket granting ticket
-for use with the Kerberos ticket granting service, destroying the
-user's tickets at logout time, and changing a Kerberos password.
-
-<sect2> Session component
-
-<p>
-<descrip>
-
-<tag><bf>Recognized arguments:</bf></tag>
-
-<tag><bf>Description:</bf></tag>
-
-This component of the module currently sets the user's <tt/KRBTKFILE/
-environment variable (although there is currently no way to export
-this), as well as deleting the user's ticket file upon logout (until
-<tt/PAM_CRED_DELETE/ is supported by <em/login/).
-
-<tag><bf>Examples/suggested usage:</bf></tag>
-
-This part of the module won't be terribly useful until we can change
-the environment from within a <tt/Linux-PAM/ module.
-
-</descrip>
-
-<sect2> Password component
-
-<p>
-<descrip>
-
-<tag><bf>Recognized arguments:</bf></tag>
-<tt/use_first_pass/; <tt/try_first_pass/
-
-<tag><bf>Description:</bf></tag>
-
-This component of the module changes a user's Kerberos password
-by first getting and using the user's old password to get
-a session key for the password changing service, then sending
-a new password to that service.
-
-<tag><bf>Examples/suggested usage:</bf></tag>
-
-This should only be used with a real Kerberos v4 <tt/kadmind/. It
-cannot be used with an AFS kaserver unless special provisions are
-made. Contact the module author for more information.
-
-</descrip>
-
-<sect2> Authentication component
-
-<p>
-<descrip>
-
-<tag><bf>Recognized arguments:</bf></tag>
-<tt/use_first_pass/; <tt/try_first_pass/
-
-<tag><bf>Description:</bf></tag>
-
-This component of the module verifies a user's Kerberos password
-by requesting a ticket granting ticket from the Kerberos server
-and optionally using it to attempt to retrieve the local computer's
-host key and verifying using the key file on the local machine if
-one exists.
-
-It also writes out a ticket file for the user to use later, and
-deletes the ticket file upon logout (not until <tt/PAM_CRED_DELETE/
-is called from <em/login/).
-
-<tag><bf>Examples/suggested usage:</bf></tag>
-
-This module can be used with a real Kerberos server using MIT
-v4 Kerberos keys. The module or the system Kerberos libraries
-may be modified to support AFS style Kerberos keys. Currently
-this is not supported to avoid cryptography constraints.
-
-</descrip>
-
-<!--
-End of sgml insert for this module.
--->
projects / linux-pam / commitdiff