@%@UCRWARNING=# @%@

# Using pam_krb5 with no_ccache option http://manpages.ubuntu.com/manpages/trusty/man5/pam_krb5.5.html
# To avoid error: pam_krb5(opsi-auth:setcred): (user <USER>) chown of ticket cache failed: Operation not permitted
# If there are problems with logging in via Kerberos, "debug" can be added as an option. The output can then be seen in the syslog.
# There may also be indications of a problem in /var/log/auth.log.

auth  requisite  pam_nologin.so
auth  [success=done new_authtok_reqd=ok user_unknown=die service_err=die authinfo_unavail=die default=die]  pam_krb5.so no_ccache minimum_uid=1000
account  required  pam_krb5.so minimum_uid=1000
