[35973] in Kerberos
Re: root login via Kerberos5 - "User not known to the underlying
daemon@ATHENA.MIT.EDU (Nalin Dahyabhai)
Tue Apr 1 20:07:13 2014
Date: Tue, 1 Apr 2014 20:06:51 -0400
From: Nalin Dahyabhai <nalin@redhat.com>
To: Wendy Lin <wendlin1974@gmail.com>
Message-ID: <20140402000651.GB9497@redhat.com>
Mail-Followup-To: kerberos@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CA+j=ERoSgbWaJn-zsR7nJrY533TotOh2Wztp7VWfDP95XOj3-Q@mail.gmail.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Tue, Apr 01, 2014 at 10:24:43AM +0200, Wendy Lin wrote:
> Ah, but I *want* that pam_krb5 authenticates the user against Kerberos
> so they do not have to do a kinit themselves after login, each time.
If there's a plugin which is accepting authentication before pam_krb5
gets to (this may be logged to /var/log/secure, or wherever LOG_AUTH and
LOG_AUTHPRIV messages are going), then it needs to be prevented from
doing that, or the PAM configuration needs to be edited to call the
modules in a different order.
HTH,
Nalin
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
