root login via Kerberos5 - "User not known to the underlying authentication module" - why?
Wendy Lin
wendlin1974 at gmail.com
Thu Mar 27 13:12:58 EDT 2014
On 24 March 2014 11:58, Predrag Zecevic [Unix Systems Administrator]
<Predrag.Zecevic at 2e-systems.com> wrote:
> On 03/24/14 11:31 AM, Wendy Lin wrote:
>> I am trying to allow user root (uid=0) to be authenticated via
>> Kerberos5 at login time, too, but if I do I get a "User not known to
>> the underlying authentication module" error and login is refused.
>>
>> OS is Suse 13.1
>>
>> pam config is:
>> grep -r krb5 /etc/pam.d/
>> /etc/pam.d/common-password-pc:password sufficient pam_krb5.so
>> /etc/pam.d/common-account-pc:account required pam_krb5.so
>> use_first_pass
>> /etc/pam.d/common-auth-pc:auth sufficient pam_krb5.so use_first_pass
>> /etc/pam.d/common-session-pc:session optional pam_krb5.so
>>
>> What am I doing wrong?
>>
>> Wendy
> Hi,
>
> * does other users have similar problem?
> (user root is 'defined' on each system before staring to use Kerberos, so try to find other account similar to root and try to
> use it)...
There is a root@<PRINCIPAL>
> * does you Kerberos have LDAP as backend DB?
> If yes (like I would expect), then probably user root is no defined, so you can add (to pam configuration) something like:
> account [default=bad success=ok user_unknown=ignore] pam_krb5.so
No, we use the built in database backend in this case.
Wendy
More information about the Kerberos
mailing list