Can't get Russ' pam_krb5 module to work with ssh on RHEL5
Russ Allbery
rra at stanford.edu
Thu Mar 1 19:38:30 EST 2012
Jason Edgecombe <jason at rampaginggeek.com> writes:

> No, the local users are locked in the shadow file. The users have a "*"
> in the password field for the /etc/shadow file. I'm using nssdb for
> passwd and shadow file if that matters.

If you lock users in /etc/shadow, pam_unix will reject all logins via
whatever mechanism for those users. So you either have to arrange to
bypass pam_unix entirely in PAM, or you need to not lock users and instead
just give them invalid password entries.

However, "*" isn't locking the account; "!" is locking the account. At
least on Debian; maybe pam_unix works differently on Red Hat?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
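
The distinction drawn above between "*" and "!" in the shadow password field, as an added example that is not part of the original message or of pam_krb5: a small audit script that sorts shadow(5)-format lines (for instance the output of `getent shadow`) into locked entries and entries that merely hold no usable password. The function names and the sample entries are constructed for illustration; it assumes only the shadow(5) field layout and the passwd(1) convention that locking prepends "!" to the field.

```python
# Added example: classify the password field of shadow(5)-format lines so that
# "locked" entries ("!" prefix) can be told apart from entries that simply
# hold no valid hash ("*"). Names and sample data are constructed.
import re

# Constructed sample entries, not taken from the thread.
SAMPLE = """\
alice:*:15400:0:99999:7:::
bob:!:15400:0:99999:7:::
carol:!$6$salt$hashvalue:15400:0:99999:7:::
dave:$6$salt$hashvalue:15400:0:99999:7:::
erin::15400:0:99999:7:::
frank:!!:15400:0:99999:7:::
"""

# A plausible crypt(3) result: "$id$..." or a 13-character traditional DES hash.
HASH_RE = re.compile(r"^(\$[0-9a-z]+\$.+|[./0-9A-Za-z]{13})$")

def classify_field(field):
    """Return a label for one shadow password field."""
    if field == "":
        return "empty"                      # no password required at all
    if field.startswith("!"):
        rest = field.lstrip("!")            # one or more leading "!" marks a lock
        return "locked-with-hash" if HASH_RE.match(rest) else "locked"
    if HASH_RE.match(field):
        return "hash"                       # usable local password
    return "invalid"                        # e.g. "*": matches no password, not locked

def audit(text):
    """Map user name -> label for every well-formed line in text."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:                  # malformed line, skip it
            continue
        result[parts[0]] = classify_field(parts[1])
    return result

if __name__ == "__main__":
    for user, state in audit(SAMPLE).items():
        print(f"{user:8} {state}")
```
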