root login not possible

Mike Dopheide dopheide at ncsa.uiuc.edu
Tue Nov 7 12:48:58 EST 2006


Unfortunately, I don't have any Debian systems so I don't know what their 
default configuration looks like.  Take a look in your /var/log/messages 
(or equivalent) and see if PAM is spitting out any useful information.  If 
there are messages, paste them here with your PAM config.

> Hello Mike,
>
> On 10/27/06, Mike Dopheide <dopheide at ncsa.uiuc.edu> wrote:
>> 
>> What are you using to login?  telnet/rsh/ssh?  My first guess is that ssh
>> is configured to disallow root logins on the second system.
>> 
>
> I try to login directly. Not over ssh/telnet/ or sth else.
>
>> -Mike
>> 
>> > Hello ml,
>> >
>> > i have just installed Kerberos on a Debian (Sarge) System.
>> >
>> > I configured pam to allow kerberos login.
>> >
>> > Every non-root user can successfully login and get a kerberos ticket.
>> >
>> > But the root-user cannot login.
>> >
>> > When i try to login as root on a client-machine the login works
>> > (password get verified by the kerberos-server) and i get a kerberos
>> > ticket.
>> >
>> > Both machines have the same pam configuration and version. (both Debian 
>> Sarge).
>> >
>> > Anyone any ideas?
>> >
>> >
>> > p.s. in the log messages the following appears:
>> >
>> > --------8<-----------------------8<---------------------8<--------
>> >
>> > Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23
>> > 1 3 2}) 192.168.0.11: NEEDED_PREAUTH: root at DOM.NET for
>> > krbtgt/DOM.NET at DOM.NET, Additional pre-authentication required
>> > Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23
>> > 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16
>> > tkt=16 ses=16}, root at DOM.NET for krbtgt/DOM.NET at DOM.NET
>> > Oct 27 08:53:35 server1 krb5kdc[13972]: TGS_REQ (7 etypes {18 17 16 23
>> > 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16
>> > tkt=16 ses=16}, root at DOM.NET for host/server1.dom.net at DOM.NET
>> >
>> >
>> > --------8<-----------------------8<---------------------8<--------
>> >
>> > Jan
>> > ________________________________________________
>> > Kerberos mailing list           Kerberos at mit.edu
>> > https://mailman.mit.edu/mailman/listinfo/kerberos
>> >
>> 
>



More information about the Kerberos mailing list