Linux : krb5 and pam

Sensei senseiwa at
Fri Mar 31 11:21:43 EST 2006

On 2006-03-30 01:21:04 +0200, Quinten <quinten at> said:

>   Our environment is currently using 2 AD/realms. I am trying to set up 
> a RHEL3 host to authenticate users from both realms. If the 
> default_realm in /etc/krb5.conf is set to one realm, the users in the 
> other realm cannot authenticate and vice versa. So there is no issue on 
> any settings, they just seem unable to coexist.

Naive question... can you kinit the NOT_DEFAULT_REALM?

>   The module in /etc/pam.d/system-auth is set to 
> "sufficient". I have tried to add another entry:
> account   sufficient   /lib/security/$ISA/
> account   sufficient   /lib/security/$ISA/\

Is that a backslash?

> There is a similar setup we have on Solaris hosts that does actually work.

Similar? How? What is the difference?

> I am not quite sure whether this is a PAM or a pam_krb5 issue. Does 
> anyone have any suggestions or ideas how to solve this?

Post more informations, pam settings, krb5.conf on both sides, ...

Sensei <senseiwa at>

The optimist thinks this is the best of all possible worlds.
The pessimist fears it is true.      [J. Robert Oppenheimer]

More information about the Kerberos mailing list