[TriLUG] Kerberos and Linux

Steve Hoffman srhoffman at gmail.com
Mon Mar 13 15:12:06 EST 2006


Yeah...that did it.  It was actually in there and I removed it.  I guess I
thought it was more literal...i.e. use the first password you type even if it
was wrong and you were prompted again...  At any rate it works fine now.

The reason I have krb first though is because there are no unix passwords
other than root and root can't log in via ssh anyway.  Everything is done
with sudo or su -.  I was just trying to avoid the "no kerb credentials for
user root" in the logs.

Thanks all,
Steve

On 3/13/06, Kevin Otte <nivex at nivex.net> wrote:
>
> I have our systems set up to try pam_unix first, then pam_krb5.  This way if
> you try a root login, the local is matched first.  I then add
> "use_first_pass" as a parameter to pam_krb5, such that you do not get a
> second prompt.
>
> kjotte at starbuck:~$ cat /etc/pam.d/common-auth
> auth    sufficient      pam_unix.so nullok_secure
> auth    sufficient      pam_krb5.so use_first_pass
> auth    required        pam_deny.so
>
> This is on an Ubuntu machine, so some changes may need to be made for other
> platforms.  Good luck!
>
> --
> Kevin Otte, N8VNR
> nivex at nivex.net
> http://www.nivex.net/
>
> -=-
>
> "Those who cannot remember the past are condemned to repeat it."
> -- George Santayana
>
> "It seems no one reads Santayana anymore."
> -- Cdr. Susan Ivanova, Babylon 5
>
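
An added sketch (not part of the original thread, and not Linux-PAM's own code) that models how the quoted common-auth stack is evaluated and why use_first_pass removes the second prompt. The accounts and passwords are constructed, and it assumes, as the thread describes, that pam_krb5 prompts again when the option is absent.

```python
# Simplified model of a Linux-PAM "auth" stack (assumption: only the
# sufficient/required flags and the use_first_pass option are modelled).
LOCAL = {"root": "r00t-local"}   # constructed: accounts with a unix password
KDC = {"steve": "krb-secret"}    # constructed: Kerberos principals

KEVIN_STACK = """
auth    sufficient      pam_unix.so nullok_secure
auth    sufficient      pam_krb5.so use_first_pass
auth    required        pam_deny.so
"""
NO_FIRST_PASS = KEVIN_STACK.replace(" use_first_pass", "")

def parse_stack(text):
    """Parse 'auth <control> <module> [options...]' lines into tuples."""
    stack = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2], set(fields[3:])))
    return stack

def authenticate(stack, user, typed):
    """Return (granted, prompts); `typed` holds the passwords the user
    would enter, one per prompt, in order."""
    answers = iter(typed)
    authtok = None               # PAM_AUTHTOK stored by an earlier module
    prompts = 0
    required_ok = required_failed = False
    for control, module, opts in stack:
        if module == "pam_deny.so":
            ok = False           # pam_deny always fails
        else:
            if "use_first_pass" in opts:
                password = authtok           # reuse, never prompt
            else:
                password = next(answers, None)
                prompts += 1
                authtok = password
            db = LOCAL if module == "pam_unix.so" else KDC
            ok = password is not None and db.get(user) == password
        if control == "sufficient" and ok and not required_failed:
            return True, prompts             # stop here, stack succeeds
        if control == "required":
            required_ok = required_ok or ok
            required_failed = required_failed or not ok
    # A failed "sufficient" module is ignored; with nothing else succeeding,
    # the trailing pam_deny decides the result.
    return (required_ok and not required_failed), prompts
```

In this model a wrong first password is handed unchanged to pam_krb5, fails there too, and the stack ends at pam_deny after a single prompt.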


