This guy explains these concepts like a rockstar
So very nice of you to say! Thank you!
that was the best explanation of PAM I heard so far! thank you so much
Thanks so much for saying so!
Fantastic explanation
Thank you for this explanation.
Oh gosh... Jeff explains the concept in an awesome and simple way. Love to attend his class f2f someday in Australia
You’re very kind to say so!
@jeffcrume hope you got some plans to take classes in Australian Universities
Great explanation😄
Impressive explanation, helps a lot. Thanks!
What is the name and model of the transparent whiteboard that you use?
Sorry, our company policy does not allow us to recommend or endorse specific vendors or products without legal review.
Phenomenal way to explain complex items.
Thanks for this
@IBMTechnology you have very few views and likes for this kind of content. Kudos!
I’m glad you liked it!
Quick question: Is Kerberos a kind of PAM implementation?
It's an interesting question... I didn't think so and I found some information on the topic: access.redhat.com/documentation/
19.4. Kerberos and PAM
Currently, kerberized services do not make use of Pluggable Authentication Modules (PAM) - kerberized servers bypass PAM completely. However, applications that use PAM can make use of Kerberos for authentication if the pam_krb5 module (provided in the pam_krb5 package) is installed. The pam_krb5 package contains sample configuration files that allow services like login and gdm to authenticate users as well as obtain initial credentials using their passwords. If access to network servers is always performed using kerberized services or services that use GSS-API, such as IMAP, the network can be considered reasonably safe.
Note
Administrators should be careful to not allow users to authenticate to most network services using Kerberos passwords. Many protocols used by these services do not encrypt the password before sending it over the network, destroying the benefits of the Kerberos system. For example, users should not be allowed to authenticate using their Kerberos passwords over Telnet.
Kerberos could be used behind the scenes to accomplish PAM but, by itself, it wouldn’t give the level of control (e.g., check-out, check-in) or visibility (e.g., session recording) that would be part of an enterprise class PAM solution.
What happens when PAM gets ransomed?
Gosh.... Yes ! :/
😁😁😁
This is disingenuous.
AD? Password safe? MFA?
No. No such thing. Administrators use one account and scribble the password on the wall ...or PAM.
There are no other options.
Who is this video aimed at?
Clients have been using PAM solutions successfully from vendors like IBM for more than a decade
Fantastic explanation
Thank you!