Kerberos login problem

Mon, 09 Nov 2009 22:43:42 -0800 

I've tried to follow the instructions on this page:

        http://aput.net/~jheiss/krbldap/howto.html

... but I haven't been able to get Kerberos login to work.

"kinit username/admin" appears to work.  And I edited /etc/shadow to
change my password to *K* (as described on that page under "Kerberos
Clients") and used authconfig-tui to add Kerberos authentication.  But I
cannot log into the machine (at the terminal or using ssh).

/etc/pam.d/system-auth looks like this:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nis nullok
try_first_pass use_authtok
password    sufficient    pam_krb5.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_krb5.so

-- 
Braden McDaniel <[email protected]>

-- 
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Reply via email to