root login

Ken Raeburn raeburn at MIT.EDU
Thu May 9 18:24:27 EDT 2002


Marc <syn_uw at NOSPAM_hotmail.com> writes:

> In this situation I am using Linux Slackware 8 with a 2.2 kernel and
> with MIT Kerberos 1.2.4. I have installed the login.krb5 instead of the
> normal krb, my question is:
> 
> Is it possible to avoid the root account to be checked against Kerberos
> and instead make only the root account to be checked in /etc/passwd
> using login.krb5 ?

There is code is login.krb5 to bypass some of the Kerberos support if
the uid for the requested account is zero.

	    lpass_ok = unix_passwd_okay(user_pwstring);

	    if (pwd->pw_uid != 0) { /* Don't get tickets for root */
		try_krb5(&me, user_pwstring);
		....

If root logins are being refused for you, perhaps there's some other
problem in the UNIX passwd support?

We aren't using login.krb5 as the normal system login program here,
only for telnetd/rlogind logins, so it's possible you're encountering
problems we wouldn't see.

Ken



More information about the Kerberos mailing list