k5login & root
Markus Moeller
huaraz at moeller.plus.com
Fri Feb 29 14:40:45 EST 2008
There might be one exception. If I remember right to login onto
OpenSolaris/Solaris 10 with a non kerberised client (e.g. console) using
pam_krb5 requires a root principal to login as root or at least have a dummy
root principal key in the keytab to pass to the next pam module.
Markus
"Richard E. Silverman" <res at qoxp.net> wrote in message
news:m2mypkv6dt.fsf at darwin.oankali.net...
>>>>>> "SM" == Steven Miller <stevenraymillerjr at yahoo.com> writes:
>
> SM> It looks as if root needs to be a principal in the realm, before
> SM> using a k5login file to allow users to become root. Is this
> SM> correct?
>
> No -- root is a Unix account to which you are giving certain principals
> access, but placing those principals' names in ~root/.5login. There's no
> need for a principal corresponding to the root account.
>
> SM> Assuming that it is, I want root's password to be managed
> SM> locally (i.e not via kerberos), is there a way to do this? I would
> SM> guess it might involve a keytab?
>
> SM> thanks in advance,
>
> SM> Steven
>
>
> SM>
> ____________________________________________________________________________________
> SM> Be a better friend, newshound, and know-it-all with Yahoo! Mobile.
> SM> Try it now.
> SM> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>
>
> --
> Richard Silverman
> res at qoxp.net
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list