Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   10987 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

pamkrbval(1m)							 pamkrbval(1m)

NAME
       - validates the PAM Kerberos configuration.

SYNOPSIS
       { pa32 | pa64 | ia32 | ia64 } [ verbose ] [ CIFS ]

DESCRIPTION
       verifies	 the  PAM  Kerberos  related  configuration files, and It also
       checks if the default realm KDC is running.  This tool  will  help  the
       administrator diagnose the problem.

       performs the following validations:

	      Checks  whether the control_flags and the module_types specified
	      for the PAM Kerberos specific entries in the /etc/pam.conf  file
	      are valid.

	      Checks  whether  the PAM Kerberos specific module_paths that are
	      specified in exist.  If the module_path name is not absolute  it
	      is  assumed to be relative to The (i.e Instruction Set Architec‐
	      ture) token is replaced by this tool with for IA 32-bit  option(
	      ),  or  with for IA 64-bit option( ), or with null for PA 32-bit
	      option( ), or with for PA 64-bit option( ).

	      Checks whether the options specified for	pam_krb5  library  are
	      valid PAM Kerberos options.

	      Validates	 /etc/pam_user.conf  file only if libpam_updbe is con‐
	      figured in /etc/pam.conf file. This validation will  be  similar
	      to the /etc/pam.conf validation.

	      Validates	  the  syntax  of  the	Kerberos  configuration	 file,
	      /etc/krb5.conf.

	      Validates if the default realm KDC is issuing  tickets.  Atleast
	      one KDC must reply to the ticket requests for the default realm.

	      Validates	 the host service principal, in the file, if this file
	      exists. If the keytab entry for this host service principal does
	      not  exist  in the default keytab file, checks for the host ser‐
	      vice principal in the KDC. If the host  service  principal  does
	      not  exist  in  the KDC, then ignores the validation and assumes
	      success. If finds the host service principal in the KDC,	issues
	      the following warning message:

	      found on KDC but not found in keytab file.

   NOTE
       An  entry  in /etc/pam.conf file is considered to be PAM Kerberos entry
       if the file name in the module_path begins with An  example  of	a  PAM
       Kerberos entry in /etc/pam.conf is as shown:

       The  machine  is	 considered to be configured with libpam_updbe if  the
       file name in the module_path of an entry in /etc/pam.conf  begins  with
       An example of a pam_updbe entry in /etc/pam.conf is as shown:

   LOGGING
       logs all messages to stdout. The log categories provided are:

	      These messages are logged when verbose option is set.

	      These messages are logged to notify the user about the erroneous
	      lines in pam configuration files or to notify about the skipping
	      of /etc/pam_user.conf file validation.

	      These  messages are logged when any of the above mentioned vali‐
	      dation fails.

	      These messages are logged to notify the user about a potentially
	      erroneous configuration on the system that may result in valida‐
	      tion failure.

	      These messages are logged when any of the above mentioned	 vali‐
	      dation succeeds.

	      These messages are logged when validation of /etc/krb5.keytab is
	      ignored.

	      These messages are logged to inform the  user  about  the	 exact
	      problem in the pam configuration files.

	      These  messages  will give some minimal help to the user to rec‐
	      tify the problem.

	      If there are any or or messages then there is  some  problem  in
	      the  appropriate	section. The administrator should diagnose the
	      problem.

OPTIONS
       verbose output

       { pa32 | pa64 | ia32 | ia64 }

	      Depending on the architecture on which the validation need to be
	      done  this  option  needs	 to be set. The flags available are as
	      listed below:

	      for PA 32-bit architecture

	      for PA 64-bit architecture

	      for IA 32-bit architecture

	      for IA 64-bit architecture

	      Depending on this flag, in the module_path will be  expanded  as
	      explained in the Description section of this manpage.

		     Use this option if
	      is  configured  on the system to enable validation of the keytab
	      entry for Do not use this option if is  not  configured  on  the
	      system.

RETURN VALUE
       returns the following exit codes:

       Successful configuration validation.

       Warnings were found during configuration validation.

       Errors were detected during configuration validation.

       FILES

       the kerberos client configuration file

       the pam configuration file

       The pam user configuration file

       The default location for the local host's keytab file

AUTHOR
       was developed by HP.

SEE ALSO
       krb5.conf(4),	pam(3),	   pam_krb5(5),	  pam.conf(4),	 pam_updbe(5),
       pam_user.conf(4)

								 pamkrbval(1m)

Vote for polarhome