[36001] in Kerberos
Re: root login via Kerberos5 - "User not known to the underlying
daemon@ATHENA.MIT.EDU (Brandon Allbery)
Fri Apr 4 12:30:11 2014
From: Brandon Allbery <ballbery@sinenomine.net>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 4 Apr 2014 16:29:55 +0000
Message-ID: <1396628995.16364.9.camel@vikktakkht.oh3.sinenomine.net>
In-Reply-To: <CA+j=ERqWot=DvBVuoebycKt7CVq4c7BE7E2RYE4dYPUVAh6Wtg@mail.gmail.com>
Content-Language: en-US
Content-ID: <C1D9500EC145BF4489D9B0836A29B317@mex05.mlsrvr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, 2014-04-04 at 18:21 +0200, Wendy Lin wrote:
> On 24 March 2014 11:31, Wendy Lin <wendlin1974@gmail.com> wrote:
> Of course, I do not know why this suddenly works. Can someone explain
> this? Why didn't it work when pam_unix came first?
Because root will always have a local account (required for the system
to operate) and the "sufficient" designation means that authentication
succeeds at that point without trying other authentication modules.
--
brandon s allbery kf8nh sine nomine associates
allbery.b@gmail.com ballbery@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
