Although pam_krb5.so allows exclusion of uids lower than a specified value with minimum_uid, it provides no safety for uids above that. For example, several of my servers have Kerberos and local-password (lp) users intermingled uid>1000. This is because the lp users cannot all be foreseen up front and they've been added by countless admins in the past. This is a major weakness because a new...
2009-11-20 06:48:50 UTC in pam_krb5
