Its hardcoded into our PAM module that if the user is "root", then it looks for root/<host>@REALM, I dont think there is a workaround for it unless you switch to a different pam_krb5 module.
This is a security "feature", we prefer that the root principal be unique to each host rather than global to the realm. Thus the root principal for one host is not automatically associated with the root user on the other hosts on the network. Also this allows for each host to have a different password associated with its root principal. -Wyllys Frederico S. Munoz wrote:
Hello all, I'm deploying a Kerberos V Realm in a mixed Unix environment (HP-UX, Solaris, GNU/Linux and AIX). By now I have most things sorted out and both Kerberos and LDAP are functioning quite well. I have this small problem though: all machines, when using pam_krb5, try to authenticate a "root" user using root@<REALM>, except Solaris. Solaris, only with the root login, tries to auth root/<host>@<REALM>. In the end I will probably not even use a generic root principal, so it's not that big a problem. I would however like to konw if someone else had this behaviour and was able to change it. Best Regards, fsmunoz
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
