[TriLUG] Kerberos and Linux

[Steve Hoffman]

Howdy all,
     Have an issue that I've back burnered for a while and it's finally
getting annoying enough to take the next step in solving it.  I'm using
Kerberos for authentication on all our Linux boxen and it works great.  The
only issue is when I try to login as root.  If I'm logged in as me and type
'su -" I'm always prompted twice for the root password.  Same holds true
when logging in at the console.  I've tried googling this, but when I put in
"password twice linux" no matter what else I put in there I get a million
results for "Create a root password".  Has anyone else come across this and
found a workaround?

On a side note, does anyone know of a way to tell the pam modules to ignore
kerberos auth for user root?

in /etc/pam.d/system-auth, I moved krb5.so over unix.so so kerberos is tried
first so my file starts off like this:

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_krb5.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok

can I add a ignore_user=root or something similar to the krb5.so line?

I haven't googled this one, I figured since I'm asking one question, I'll
shoot for the moon.

Thanks,
Steve