Dual Login enabled using kerberos
James Walthall
jwaltha at us.ibm.com
Fri Mar 19 10:51:35 EST 2004
Thank you very much for your suggestion, however that did not seem to
work.
I first tried to remove the hash only (leaving the rest of the string
entact) - but I
was still able to login using Administrator and the non-kerberos password.
Next,
I tried to replace the entire line with exactly what you provided, except
jwaltha
was Administrator instead. That too, did not work ( I didn't expect it to)
Do you have any other suggestions? I really don't want to remove root
local
access. I've done that before and it really isn't fun.
Thank you :)
---------------
James Walthall Jr
IBM Host Integration Server Test / HATS
Outside: (919) 254-8869
Tieline: 444-8869
Research Triangle Park
Raleigh, North Carolina
Digant Kasundra <digant at uta.edu>
03/18/2004 06:03 PM
To: James Walthall/Durham/IBM at IBMUS,
"'kerberos-bounces at mit.edu '" <kerberos-bounces at mit.edu>
cc:
Subject: RE: Dual Login enabled using kerberos
Yes, you can do that in a number of ways. One way is to modify the
/etc/pam.d/system-auth file and remove the pam_unix statements but that
would be a very very bad idea because that would prevent root from logging
in. The better way would be to remove the persons password hash from the
/etc/shadow file and replace is with !!.
jwaltha:!!:5000:0:0::::::: should look something like that.
-----Original Message-----
From: kerberos-bounces at mit.edu
To: kerberos at mit.edu
Sent: 3/18/2004 3:37 PM
Subject: Dual Login enabled using kerberos
When I configure my redhat machine to login using kerberos, I have
noticed
that I can
login using both the local password that was established on the machine,
and the password
that I establish using the kdc-db. Is there a way to configure the
machine
such that it only
logs in using the kerberos db ?
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list