On Tue, Apr 01, 2014 at 10:24:43AM +0200, Wendy Lin wrote: > Ah, but I *want* that pam_krb5 authenticates the user against Kerberos > so they do not have to do a kinit themselves after login, each time.
If there's a plugin which is accepting authentication before pam_krb5 gets to (this may be logged to /var/log/secure, or wherever LOG_AUTH and LOG_AUTHPRIV messages are going), then it needs to be prevented from doing that, or the PAM configuration needs to be edited to call the modules in a different order. HTH, Nalin ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos