su + pam-krb5 + alt_auth_map
kjl
kjl at rzg.mpg.de
Tue Oct 1 09:16:37 EDT 2013
Hello!
when trying to replace "ksu" by "su" and "pam-krb5" I'm facing
some difficulties, if I configure "alt_auth_map=%s/root" (see below)
to use of the root instance account of the username. According to
the pam-krb5 manpage this should be possible.
In the Kerberos Log appears
"AS-REQ root/root at XXX from XXX ..."
instead of the expected "<user>/root" principal.
Perhaps someone can point me into the right direction how to solve this
issue.
configuration:
/etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_krb5.so alt_auth_map=%s/root only_alt_auth
minimum_uid=0 debug
auth include common-auth
account sufficient pam_rootok.so
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so
SUSE Linux Enterprise Server 11 (x86_64)
pam-1.1.5-0.10.17
pam-krb5-4.6
> rpm -qf /bin/su
coreutils-8.12-6.25.27.1
Thanks a lot in advance!
Karl
More information about the Kerberos
mailing list