[35911] in Kerberos
Re: root login via Kerberos5 - "User not known to the underlying
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Mon Mar 24 06:59:04 2014
Message-ID: <53300FE2.6000804@2e-systems.com>
Date: Mon, 24 Mar 2014 11:58:42 +0100
From: "Predrag Zecevic [Unix Systems Administrator]"
<Predrag.Zecevic@2e-systems.com>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <CA+j=ERp_TppuNs1dPnrcNpeh4YAxZ3XY0EM5qBEVVcztakbRwQ@mail.gmail.com>
Reply-To: Predrag.Zecevic@2e-systems.com
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 03/24/14 11:31 AM, Wendy Lin wrote:
> I am trying to allow user root (uid=0) to be authenticated via
> Kerberos5 at login time, too, but if I do I get a "User not known to
> the underlying authentication module" error and login is refused.
>
> OS is Suse 13.1
>
> pam config is:
> grep -r krb5 /etc/pam.d/
> /etc/pam.d/common-password-pc:password sufficient pam_krb5.so
> /etc/pam.d/common-account-pc:account required pam_krb5.so
> use_first_pass
> /etc/pam.d/common-auth-pc:auth sufficient pam_krb5.so use_first_pass
> /etc/pam.d/common-session-pc:session optional pam_krb5.so
>
> What am I doing wrong?
>
> Wendy
Hi,
* does other users have similar problem?
(user root is 'defined' on each system before staring to use Kerberos, so try to find other account similar to root and try to
use it)...
* does you Kerberos have LDAP as backend DB?
If yes (like I would expect), then probably user root is no defined, so you can add (to pam configuration) something like:
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
Regards.
P.S: Your post doesn't supply enough information, so this answer can be completely wrong. Just an idea.
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile: +49 174 3109 288, Skype: predrag.zecevic
E-mail: predrag.zecevic@2e-systems.com
Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director: Phil Douglas
http://www.2e-systems.com/ - Making your business fly!
[***]===---
I finally went to the eye doctor. I got contacts. I only need them to read, so I got flip-ups. -- Steven Wright
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
