root login not possible

Mike Dopheide dopheide at ncsa.uiuc.edu
Fri Oct 27 11:23:29 EDT 2006


What are you using to log in?  telnet/rsh/ssh?  My first guess is that ssh 
is configured to disallow root logins on the second system.

As an aside, I'd highly recommend against using a 'root' principal.  It's 
dangerous and doesn't leave a good audit trail.  We prefer our admins to 
log in with normal accounts and 'ksu' if they need admin privileges.

-Mike

> Hello ml,
>
> I have just installed Kerberos on a Debian (Sarge) system.
>
> I configured PAM to allow Kerberos login.
>
> Every non-root user can successfully log in and get a Kerberos ticket.
>
> But the root user cannot log in.
>
> When I try to log in as root on a client machine the login works
> (password gets verified by the Kerberos server) and I get a Kerberos
> ticket.
>
> Both machines have the same pam configuration and version. (both Debian Sarge).
>
> Anyone any ideas?
>
>
> p.s. in the log messages the following appears:
>
> --------8<-----------------------8<---------------------8<--------
>
> Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23
> 1 3 2}) 192.168.0.11: NEEDED_PREAUTH: root at DOM.NET for
> krbtgt/DOM.NET at DOM.NET, Additional pre-authentication required
> Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23
> 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16
> tkt=16 ses=16}, root at DOM.NET for krbtgt/DOM.NET at DOM.NET
> Oct 27 08:53:35 server1 krb5kdc[13972]: TGS_REQ (7 etypes {18 17 16 23
> 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16
> tkt=16 ses=16}, root at DOM.NET for host/server1.dom.net at DOM.NET
>
>
> --------8<-----------------------8<---------------------8<--------
>
> Jan
>
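
An added example, not part of the original thread: a small Python check that reads krb5kdc log lines like the ones quoted above and reports how far the KDC got for a given principal. The sample log is constructed from the quoted lines (unwrapped, with "@" written out), and the function name and verdict strings are assumptions of this example. A service ticket issued for the host principal means the KDC side succeeded, which is consistent with the reply's guess that the refusal comes from the login service on the target machine.

```python
import re

# Constructed sample modelled on the krb5kdc lines quoted in the thread
# (unwrapped, with "@" written out in the principal names).
SAMPLE_LOG = """\
Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.11: NEEDED_PREAUTH: root@DOM.NET for krbtgt/DOM.NET@DOM.NET, Additional pre-authentication required
Oct 27 08:53:35 server1 krb5kdc[13972]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16 tkt=16 ses=16}, root@DOM.NET for krbtgt/DOM.NET@DOM.NET
Oct 27 08:53:35 server1 krb5kdc[13972]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.11: ISSUE: authtime 1161932015, etypes {rep=16 tkt=16 ses=16}, root@DOM.NET for host/server1.dom.net@DOM.NET
"""

# request type, client address, status word, then "<client> for <service>".
# ISSUE lines carry "authtime ..., etypes {...}, " before the client name.
KDC_LINE = re.compile(
    r"krb5kdc\[\d+\]: (?P<req>AS_REQ|TGS_REQ) \(.*?\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): (?:.*?, )?(?P<client>\S+) for (?P<service>[^\s,]+)"
)


def kdc_verdict(log_text, client, host_service):
    """Return how far the KDC got for `client` (hypothetical helper).

    'no-tgt'                - no AS_REQ ended in ISSUE: the problem is at the KDC
    'tgt-only'              - TGT issued, no ticket for host_service
    'service-ticket-issued' - KDC did its part; check sshd/PAM on the target
    """
    got_tgt = got_service = False
    for line in log_text.splitlines():
        m = KDC_LINE.search(line)
        if not m or m["client"] != client:
            continue
        # NEEDED_PREAUTH is the normal first round trip, not a failure.
        if m["status"] != "ISSUE":
            continue
        if m["req"] == "AS_REQ" and m["service"].startswith("krbtgt/"):
            got_tgt = True
        elif m["req"] == "TGS_REQ" and m["service"] == host_service:
            got_service = True
    if got_tgt and got_service:
        return "service-ticket-issued"
    return "tgt-only" if got_tgt else "no-tgt"


if __name__ == "__main__":
    print(kdc_verdict(SAMPLE_LOG, "root@DOM.NET", "host/server1.dom.net@DOM.NET"))
```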


