Can't get Russ' pam_krb5 module to work with ssh on RHEL5

Jason Edgecombe jason at rampaginggeek.com
Thu Mar 1 20:30:08 EST 2012


On 03/01/2012 07:38 PM, Russ Allbery wrote:
> Jason Edgecombe <jason at rampaginggeek.com> writes:
>
>> No, the local users are locked in the shadow file. The users have a "*"
>> in the password field for the /etc/shadow file. I'm using nssdb for
>> passwd and shadow file if that matters.
> If you lock users in /etc/shadow, pam_unix will reject all logins via
> whatever mechanism for those users.  So you either have to arrange to
> bypass pam_unix entirely in PAM, or you need to not lock users and instead
> just give them invalid password entries.
>
> However, "*" isn't locking the account; "!" is locking the account.  At
> least on Debian; maybe pam_unix works differently on Red Hat?
>
Well, pam_unix worked fine with RedHat's pam_krb5. Console and GDM
logins work; only ssh is broken. I don't think that the password entries
are a problem.

