8. Implementing PAM in Ingres : How to Implement Kerberos Authentication Using PAM : Ingres Kerberos Driver versus Ingvalidpam
Share this page                  
Ingres Kerberos Driver versus Ingvalidpam
Use of PAM with Kerberos is less secure than the Ingres Kerberos driver and loses the single sign-on capability. The ingvalidpam environment uses Kerberos merely as an alternative to operating-system user names and passwords. The Ingres Kerberos driver, in contrast, is a more complete approach to using Kerberos for authentication. (For details on the Ingres Kerberos driver, see the chapter "Configuring Ingres to Use Kerberos.")
In the Kerberos driver environment, the process running the application must be recognized as a valid Kerberos service principal and be pre-authenticated with Kerberos tickets. The netutil database requires no user names and passwords for Kerberos connection targets.
In the ingvalidpam environment, you must specify the Kerberos user name and password in the netutil database. The process owner does not need to be pre-authenticated through Kerberos, and does not have to be recognized as a valid Kerberos service principal.