[TriLUG] Kerberos and Linux
Steve Hoffman
srhoffman at gmail.com
Mon Mar 13 15:12:06 EST 2006
Yeah...that did it. It was actually in there and I removed it. I guess I
thought it was more literal...i.e. use the first password you type even if it
was wrong and you were prompted again... At any rate it works fine now.
The reason I have krb first though is because there are no unix passwords
other than root and root can't login via ssh anyway. Everything is done
with sudo or su -. I was just trying to avoid the "no kerb credentials for
user root" in the logs.
Thanks all,
Steve
On 3/13/06, Kevin Otte <nivex at nivex.net> wrote:
>
> I have our systems set up to try pam_unix first, then pam_krb5. This way if
> you try a root login, the local is matched first. I then add
> "use_first_pass" as a parameter to pam_krb5, such that you do not get a
> second prompt.
>
> kjotte at starbuck:~$ cat /etc/pam.d/common-auth
> auth sufficient pam_unix.so nullok_secure
> auth sufficient pam_krb5.so use_first_pass
> auth required pam_deny.so
>
> This is on an Ubuntu machine, so some changes may need to be made for other
> platforms. Good luck!
>
> --
> Kevin Otte, N8VNR
> nivex at nivex.net
> http://www.nivex.net/
>
> -=-
>
> "Those who cannot remember the past are condemned to repeat it."
> -- George Santayana
>
> "It seems no one reads Santayana anymore."
> -- Cdr. Susan Ivanova, Babylon 5
>
>
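A simplified model of the stack ordering discussed in this thread, added here as an example and not part of either message: it walks an `auth` stack using only the `sufficient` and `required` control flags and reports how many prompts appear and which modules are consulted. The password databases, the `KRB_FIRST` and `UNIX_FIRST_NO_REUSE` stacks and all function names are constructed for illustration.

```python
# Simplified model of a PAM "auth" stack (added example, not real PAM code).
# Only the "sufficient" and "required" control flags are modelled.
UNIX_DB = {"root": "local-root-pw"}   # constructed: only root has a local password
KRB_DB = {"steve": "krb-pw"}          # constructed: other users exist only in Kerberos

UNIX_FIRST = """\
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
"""
# Constructed variants for comparison; neither appears in the thread.
UNIX_FIRST_NO_REUSE = UNIX_FIRST.replace(" use_first_pass", "")
KRB_FIRST = """\
auth sufficient pam_krb5.so
auth sufficient pam_unix.so use_first_pass
auth required pam_deny.so
"""

def check(db, user, ctx, opts):
    """Password module: reuse the stored token or prompt for a new one."""
    if "use_first_pass" in opts:
        password = ctx["authtok"]            # never prompts; None simply fails
    else:
        password = ctx["authtok"] = next(ctx["typed"], None)
        ctx["prompts"] += 1
    return password is not None and db.get(user) == password

MODULES = {
    "pam_unix.so": lambda u, c, o: check(UNIX_DB, u, c, o),
    "pam_krb5.so": lambda u, c, o: check(KRB_DB, u, c, o),
    "pam_deny.so": lambda u, c, o: False,    # always fails
}

def authenticate(stack, user, typed):
    """Return (granted, prompts shown, modules consulted in order)."""
    ctx = {"authtok": None, "typed": iter(typed), "prompts": 0}
    consulted, verdict = [], None
    for line in stack.splitlines():
        _type, control, module, *opts = line.split()
        consulted.append(module)
        ok = MODULES[module](user, ctx, opts)
        if control == "sufficient" and ok and verdict is not False:
            return True, ctx["prompts"], consulted
        if control == "required":
            verdict = ok if verdict is None else (verdict and ok)
    return verdict is True, ctx["prompts"], consulted

if __name__ == "__main__":
    for name, stack in [("unix first", UNIX_FIRST), ("krb5 first", KRB_FIRST)]:
        print(name, authenticate(stack, "root", ["local-root-pw"]))
```

With `pam_unix` first, a root attempt is settled locally and `pam_krb5` is never consulted; with `pam_krb5` first, every root attempt reaches the Kerberos module before falling through.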