root login not possible

Jan Gehring jan.gehring at gmail.com
Tue Nov 7 02:50:09 EST 2006


Hello Mike,

On 10/27/06, Mike Dopheide <dopheide at ncsa.uiuc.edu> wrote:
>
> What are you using to login?  telnet/rsh/ssh?  My first guess is that ssh
> is configured to disallow root logins on the second system.
>

I try to login directly. Not over ssh/telnet/ or sth else.

> -Mike
>
> > Hello ml,
> >
> > i have just installed Kerberos on a Debian (Sarge) System.
> >
> > I configured pam to allow kerberos login.
> >
> > Every non-root user can successfully login and get a kerberos ticket.
> >
> > But the root-user cannot login.
> >
> > When i try to login as root on a client-machine the login works
> > (password get verified by the kerberos-server) and i get a kerberos
> > ticket.
> >
> > Both machines have the same pam configuration and version. (both Debian Sarge).
> >
> > Anyone any ideas?
> >
> >
> > p.s. in the log messages the following appears:
> >
> > --------8<-----------------------8<---------------------8<--------
> >
> > Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23
> > 1 3 2}) 192.168.0.11: NEEDED_PREAUTH: root at DOM.NET for
> > krbtgt/DOM.NET at DOM.NET, Additional pre-authentication required
> > Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23
> > 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16
> > tkt=16 ses=16}, root at DOM.NET for krbtgt/DOM.NET at DOM.NET
> > Oct 27 08:53:35 server1 krb5kdc[13972]: TGS_REQ (7 etypes {18 17 16 23
> > 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16
> > tkt=16 ses=16}, root at DOM.NET for host/server1.dom.net at DOM.NET
> >
> >
> > --------8<-----------------------8<---------------------8<--------
> >
> > Jan
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
>



More information about the Kerberos mailing list