What are you using to login? telnet/rsh/ssh? My first guess is that ssh
is configured to disallow root logins on the second system.
As an aside, I'd highly recommend against using a 'root' principle. It's
dangerous and doesn't leave a good audit trail. We prefer our admins to
login with normal accounts and 'ksu' if they need admin privileges.
-Mike
> Hello ml,
>
> i have just installed Kerberos on a Debian (Sarge) System.
>
> I configured pam to allow kerberos login.
>
> Every non-root user can successfully login and get a kerberos ticket.
>
> But the root-user cannot login.
>
> When i try to login as root on a client-machine the login works
> (password get verified by the kerberos-server) and i get a kerberos
> ticket.
>
> Both machines have the same pam configuration and version. (both Debian
> Sarge).
>
> Anyone any ideas?
>
>
> p.s. in the log messages the following appears:
>
> --------8<-----------------------8<---------------------8<--------
>
> Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23
> 1 3 2}) 192.168.0.11: NEEDED_PREAUTH: [EMAIL PROTECTED] for
> krbtgt/[EMAIL PROTECTED], Additional pre-authentication required
> Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23
> 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16
> tkt=16 ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
> Oct 27 08:53:35 server1 krb5kdc[13972]: TGS_REQ (7 etypes {18 17 16 23
> 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16
> tkt=16 ses=16}, [EMAIL PROTECTED] for host/[EMAIL PROTECTED]
>
>
> --------8<-----------------------8<---------------------8<--------
>
> Jan
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
