This configuration parameter specifies whether the .k5login file should be created automatically in the user’s home directory. This file is used to enable Kerberos authentication and single sign-on in PAM-aware applications.

In most cases, you set this configuration parameter using group policy. You can, however, set it manually in the configuration file if you are not using group policy or want to temporarily override group policy.

The parameter value can be true or false. If set to true, the agent will create the .k5login file in the user’s home directory.

For example:

pam.create.k5login: true