SYNOPSIS

       auth optional   pam_KFM.so [ options ]
       auth sufficient pam_KFM.so [ options ]
       auth required   pam_KFM.so [ options ]
       auth requisite  pam_KFM.so [ options ]

DESCRIPTION

       The pam_KFM.so PAM module allows authentication against Kerberos realms
       using the full-featured K erberos F or M acintosh framework.  In  addi-
       tion to granting access, this module also correctly handles credentials
       caches, links to KFM plugin modules (for services such as  aklog),  and
       allows customization of the credentials received.
       For  security  reasons,  if  kerberos  is used to get admin rights with
       sudo, it is recommended that the pam_securitysession.so module also  be
       used.

ARGUMENTS

       dont_cache
                 Authenticate against the KDC, but don't get a TGT.

       forwardable=true|false
                 Request  tickets  which  can/can't  be  forwarded to a remote
              host, respectively.

       proxiable=true|false
                 Request tickets which can/can't grant a remote host new tick-
              ets, respectively.

       noaddresses=true|false
                 Request  a  TGT which isn't/is explicitly linked to the local
              IP, respectively.

       ticket_lifetime=<time>
                 Request a TGT which expires in time seconds.

       renew_lifetime=<time>
                 Request a TGT which can only renew for time seconds

       start_time=<time>
                 Request a TGT which doesn't become active for time seconds.

       service_name=<name>
                 Request tickets explicitly for the named service.

FILES

       /usr/lib/pam/pam_KFM.so /etc/pam.d/*

SEE ALSO

       pam(8)