[35931] in Kerberos


Re: root login via Kerberos5 - "User not known to the underlying

daemon@ATHENA.MIT.EDU (Wendy Lin)
Thu Mar 27 13:13:12 2014

MIME-Version: 1.0
In-Reply-To: <53300FE2.6000804@2e-systems.com>
Date: Thu, 27 Mar 2014 18:12:58 +0100
Message-ID: <CA+j=ERpz4BB0M04pe9iWC=vKRMz4TBL1cTeNTwNFTh6khO+XQQ@mail.gmail.com>
From: Wendy Lin <wendlin1974@gmail.com>
To: Predrag.Zecevic@2e-systems.com
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On 24 March 2014 11:58, Predrag Zecevic [Unix Systems Administrator]
<Predrag.Zecevic@2e-systems.com> wrote:
> On 03/24/14 11:31 AM, Wendy Lin wrote:
>> I am trying to allow user root (uid=0) to be authenticated via
>> Kerberos5 at login time, too, but if I do I get a "User not known to
>> the underlying authentication module" error and login is refused.
>>
>> OS is Suse 13.1
>>
>> pam config is:
>> grep -r krb5 /etc/pam.d/
>> /etc/pam.d/common-password-pc:password  sufficient      pam_krb5.so
>> /etc/pam.d/common-account-pc:account    required        pam_krb5.so     use_first_pass
>> /etc/pam.d/common-auth-pc:auth  sufficient      pam_krb5.so     use_first_pass
>> /etc/pam.d/common-session-pc:session    optional        pam_krb5.so
>>
>> What am I doing wrong?
>>
>> Wendy
> Hi,
>
> * do other users have a similar problem?
>     (user root is 'defined' on each system before starting to use Kerberos, so try to find another account similar to root and try to use it)...

There is a root@<PRINCIPAL>

> * does your Kerberos have LDAP as a backend DB?
>     If yes (like I would expect), then probably user root is not defined, so you can add (to the pam configuration) something like:
> account [default=bad success=ok user_unknown=ignore] pam_krb5.so

No, we use the built-in database backend in this case.

Wendy
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
