Kerberos login problem
Braden McDaniel
braden at endoframe.com
Tue Nov 10 06:43:30 UTC 2009
I've tried to follow the instructions on this page:
http://aput.net/~jheiss/krbldap/howto.html
... but I haven't been able to get Kerberos login to work.
"kinit username/admin" appears to work. And I edited /etc/shadow to
change my password to *K* (as described on that page under "Kerberos
Clients") and used authconfig-tui to add Kerberos authentication. But I
cannot log into the machine (at the terminal or using ssh).
/etc/pam.d/system-auth looks like this:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nis nullok
try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session optional pam_krb5.so
--
Braden McDaniel <braden at endoframe.com>
More information about the fedora-list
mailing list