On 24 March 2014 11:58, Predrag Zecevic [Unix Systems Administrator] <predrag.zece...@2e-systems.com> wrote: > On 03/24/14 11:31 AM, Wendy Lin wrote: >> I am trying to allow user root (uid=0) to be authenticated via >> Kerberos5 at login time, too, but if I do I get a "User not known to >> the underlying authentication module" error and login is refused. >> >> OS is Suse 13.1 >> >> pam config is: >> grep -r krb5 /etc/pam.d/ >> /etc/pam.d/common-password-pc:password sufficient pam_krb5.so >> /etc/pam.d/common-account-pc:account required pam_krb5.so >> use_first_pass >> /etc/pam.d/common-auth-pc:auth sufficient pam_krb5.so >> use_first_pass >> /etc/pam.d/common-session-pc:session optional pam_krb5.so >> >> What am I doing wrong? >> >> Wendy > Hi, > > * does other users have similar problem? > (user root is 'defined' on each system before staring to use Kerberos, so > try to find other account similar to root and try to > use it)...
There is a root@<PRINCIPAL> > * does you Kerberos have LDAP as backend DB? > If yes (like I would expect), then probably user root is no defined, so > you can add (to pam configuration) something like: > account [default=bad success=ok user_unknown=ignore] pam_krb5.so No, we use the built in database backend in this case. Wendy ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
