Dual Login enabled using kerberos

James Walthall jwaltha at us.ibm.com
Fri Mar 19 10:51:35 EST 2004


Thank you very much for your suggestion, however that did not seem to 
work.
I first tried to remove the hash only (leaving the rest of the string 
entact) - but  I
was still able to login using Administrator and the non-kerberos password. 
Next,
I tried to replace the entire line with exactly what you provided, except 
jwaltha
was Administrator instead. That too, did not work ( I didn't expect it to)

Do you have any other suggestions? I really don't want to remove root 
local
access. I've done that before and it really isn't fun.

Thank you :)

---------------
James Walthall Jr
IBM Host Integration Server Test / HATS
Outside: (919) 254-8869
Tieline: 444-8869
Research Triangle Park
Raleigh, North Carolina




Digant Kasundra <digant at uta.edu>
03/18/2004 06:03 PM
 
        To:     James Walthall/Durham/IBM at IBMUS, 
"'kerberos-bounces at mit.edu '" <kerberos-bounces at mit.edu>
        cc: 
        Subject:        RE: Dual Login enabled using kerberos


Yes, you can do that in a number of ways.  One way is to modify the
/etc/pam.d/system-auth file and remove the pam_unix statements but that
would be a very very bad idea because that would prevent root from logging
in.  The better way would be to remove the persons password hash from the
/etc/shadow file and replace is with !!.

jwaltha:!!:5000:0:0:::::::  should look something like that.

-----Original Message-----
From: kerberos-bounces at mit.edu
To: kerberos at mit.edu
Sent: 3/18/2004 3:37 PM
Subject: Dual Login enabled using kerberos

When I configure my redhat machine to login using kerberos, I have
noticed 
that I can
login using both the local password that was established on the machine,

and the password
that I establish using the kdc-db. Is there a way to configure the
machine 
such that it only
logs in using the kerberos db ?
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos



More information about the Kerberos mailing list