On 03/24/14 11:31 AM, Wendy Lin wrote: > I am trying to allow user root (uid=0) to be authenticated via > Kerberos5 at login time, too, but if I do I get a "User not known to > the underlying authentication module" error and login is refused. > > OS is Suse 13.1 > > pam config is: > grep -r krb5 /etc/pam.d/ > /etc/pam.d/common-password-pc:password sufficient pam_krb5.so > /etc/pam.d/common-account-pc:account required pam_krb5.so > use_first_pass > /etc/pam.d/common-auth-pc:auth sufficient pam_krb5.so use_first_pass > /etc/pam.d/common-session-pc:session optional pam_krb5.so > > What am I doing wrong? > > Wendy Hi,
* does other users have similar problem? (user root is 'defined' on each system before staring to use Kerberos, so try to find other account similar to root and try to use it)... * does you Kerberos have LDAP as backend DB? If yes (like I would expect), then probably user root is no defined, so you can add (to pam configuration) something like: account [default=bad success=ok user_unknown=ignore] pam_krb5.so Regards. P.S: Your post doesn't supply enough information, so this answer can be completely wrong. Just an idea. > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > -- Predrag Zečević, Technical Support Analyst, 2e Systems GmbH Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894 Mobile: +49 174 3109 288, Skype: predrag.zecevic E-mail: predrag.zece...@2e-systems.com Headquarter: 2e Systems GmbH, Königsteiner Str. 87, 65812 Bad Soden am Taunus, Germany Company registration: Amtsgericht Königstein (Germany), HRB 7303 Managing director: Phil Douglas http://www.2e-systems.com/ - Making your business fly! [***]===--- I finally went to the eye doctor. I got contacts. I only need them to read, so I got flip-ups. -- Steven Wright ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos