Kerberizing Applications
We can now login with ssh to a machine with our kerberos password, but that's not exactly what we wanted. What does go on here? We connect to the ssh server as usual, then the ssh server cunsults the pam configuraion. There it sees the lines:
auth sufficient pam_unix.so likeauth nullok auth sufficient pam_krb5.so use_first_pass
The ssh server asks you for a password. He "compares" the password using the first lib pam_unix.so. This lib looks at the files /etc/passwd and /etc/shadow and there it sees: joe has some invalid hash in the password field. Ok. then the ssh server walks to the next pam line and presents the password to the kerberos server. This server authenticates joe and so the ssh server let us in. But what we want is to use the "ticket granting ticket" (tgt) we already own to authenticate to remote services. pam is of no use here (also if the manpage tells us it would work, i did not get it running! (todo: check that)).