root login via Kerberos5 - "User not known to the underlying authentication module" - why?

Predrag Zecevic [Unix Systems Administrator] Predrag.Zecevic at 2e-systems.com
Mon Mar 24 06:58:42 EDT 2014 

On 03/24/14 11:31 AM, Wendy Lin wrote:
> I am trying to allow user root (uid=0) to be authenticated via
> Kerberos5 at login time, too, but if I do I get a "User not known to
> the underlying authentication module" error and login is refused.
>
> OS is Suse 13.1
>
> pam config is:
> grep -r krb5 /etc/pam.d/
> /etc/pam.d/common-password-pc:password  sufficient      pam_krb5.so
> /etc/pam.d/common-account-pc:account    required        pam_krb5.so
>   use_first_pass
> /etc/pam.d/common-auth-pc:auth  sufficient      pam_krb5.so     use_first_pass
> /etc/pam.d/common-session-pc:session    optional        pam_krb5.so
>
> What am I doing wrong?
>
> Wendy
Hi,

* does other users have similar problem?
    (user root is 'defined' on each system before staring to use Kerberos, so try to find other account similar to root and try to 
use it)...

* does you Kerberos have LDAP as backend DB?
    If yes (like I would expect), then probably user root is no defined, so you can add (to pam configuration) something like:
account [default=bad success=ok user_unknown=ignore] pam_krb5.so

Regards.

P.S: Your post doesn't supply enough information, so this answer can be completely wrong. Just an idea.

> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

-- 
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zecevic at 2e-systems.com

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                       65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
I finally went to the eye doctor. I got contacts. I only need them to read, so I got flip-ups. -- Steven Wright

More information about the Kerberos mailing list