Granting su rights to users? Using PAM and Kerberos...

Daniel B. Thurman dant at cdkkt.com
Tue Nov 22 00:03:20 UTC 2005


-----Original Message-----
From: Bohmer, Andre ten [mailto:fedora-list-bounces at redhat.com]On Behalf Of Bohmer, Andre ten
Sent: Monday, November 21, 2005 1:43 PM
To: For users of Fedora Core releases
Subject: RE: Granting su rights to users? Using PAM and Kerberos...


Hi,
 
Maybe you have to enable local authorization sufficient in order to use su? We're using kerberos v5 to authenticate Linux accounts against Active Directory, and had a similar problem on Red Hat EL AS 4.
Sorry for the very bad quoting, using OWA ...
 
Cheers,
Andre 

 
Hmm...  What do you mean by 'local authorization sufficient' ?
 
What I noticed in /var/log/krb5kdc.log is that it was reporting a lot
that the root at REALM principal was missing in the database, so I added the
root principal and that appeared to make the log a bit quieter, but
the su root problem still remains.
 
I am guessing that somewhere I will need to allow user root access with
kerberos as the googles mentioned it for kerberos IV (kdb_edit) but do
not say anything about kerberos 5 so I am assuming that kdb_edit is
deprecated and something else takes its place?
 
Another person who responded asked me to check /etc/pam.d/su but
I cannot tell what I am supposed to look at.  I will need to check to see
if kerberos entries need to be in there since I saw some instructions
from http://www.ofb.net/~jheiss/krbldap/howto.html that mention adding
kerberos support to /etc/pam/system-auth but nothing about /etc/pam.d/su ...
 
Any pointers, links, howtos, or whatever is appreciated!
 
Thanks!
Dan
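
The /etc/pam.d/su check mentioned in the message above, as an added example that is not part of the original thread: a shell function that lists the modules in a service's auth stack, following include lines and the older pam_stack.so service= form, so you can see whether pam_krb5.so is reached from su. The PAM_DIR override, the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the modules in a PAM service's "auth" stack, following
# "include"/"substack" lines and the older pam_stack.so service=NAME form.
# PAM_DIR is an override for testing (assumption); the default is /etc/pam.d.

pam_auth_modules() {
    awk -v dir="${PAM_DIR:-/etc/pam.d}" -v svc="$1" '
    function walk(service, depth,    file, line, n, f, i, m) {
        if (depth > 8) return                 # guard against include loops
        file = dir "/" service
        while ((getline line < file) > 0) {
            sub(/#.*/, "", line)              # drop comments
            n = split(line, f)
            if (n < 3 || (f[1] != "auth" && f[1] != "-auth")) continue
            if (f[2] == "include" || f[2] == "substack") {
                walk(f[3], depth + 1); continue
            }
            i = 2                             # skip a "[a=b c=d]" control field
            if (f[2] ~ /^\[/) while (i < n && f[i] !~ /\]$/) i++
            m = f[i + 1]; sub(/.*\//, "", m)  # module name without its path
            if (m == "pam_stack.so") {
                for (i += 2; i <= n; i++)
                    if (f[i] ~ /^service=/) walk(substr(f[i], 9), depth + 1)
            } else if (m != "") print m
        }
        close(file)
    }
    BEGIN { walk(svc, 0) }'
}

# True if MODULE appears anywhere in SERVICE's resolved auth stack.
pam_auth_has() { pam_auth_modules "$1" | grep -qxF -- "$2"; }

# Constructed sample files in the style of an older Fedora/RHEL pam.d.
demo() {
    PAM_DIR=$(mktemp -d) || return 1
    printf '%s\n' '#%PAM-1.0' \
        'auth sufficient /lib/security/$ISA/pam_rootok.so' \
        'auth required /lib/security/$ISA/pam_stack.so service=system-auth' \
        'session required /lib/security/$ISA/pam_stack.so service=system-auth' \
        > "$PAM_DIR/su"
    printf '%s\n' 'auth required pam_env.so' \
        'auth sufficient pam_unix.so likeauth nullok' \
        'auth sufficient pam_krb5.so use_first_pass' \
        'auth required pam_deny.so' > "$PAM_DIR/system-auth"
    pam_auth_modules su
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with the argument `demo` to see the resolved stack for the constructed files; with PAM_DIR unset, `pam_auth_modules su` reads the system's own /etc/pam.d.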
