k5login & root

Markus Moeller huaraz at moeller.plus.com
Fri Feb 29 14:40:45 EST 2008


There might be one exception. If I remember right to login onto 
OpenSolaris/Solaris 10 with a non kerberised client (e.g. console) using 
pam_krb5 requires a root principal to login as root or at least have a dummy 
root principal key in the keytab to pass to the next pam module.

Markus

"Richard E. Silverman" <res at qoxp.net> wrote in message 
news:m2mypkv6dt.fsf at darwin.oankali.net...
>>>>>> "SM" == Steven Miller <stevenraymillerjr at yahoo.com> writes:
>
>    SM> It looks as if root needs to be a principal in the realm, before
>    SM> using a k5login file to allow users to become root. Is this
>    SM> correct?
>
> No -- root is a Unix account to which you are giving certain principals
> access, but placing those principals' names in ~root/.5login.  There's no
> need for a principal corresponding to the root account.
>
>    SM> Assuming that it is, I want root's password to be managed
>    SM> locally (i.e not via kerberos), is there a way to do this? I would
>    SM> guess it might involve a keytab?
>
>    SM> thanks in advance,
>
>    SM> Steven
>
>
>    SM> 
> ____________________________________________________________________________________
>    SM> Be a better friend, newshound, and know-it-all with Yahoo! Mobile.
>    SM> Try it now.
>    SM> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
>
> -- 
>  Richard Silverman
>  res at qoxp.net
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 





More information about the Kerberos mailing list