Hi all, I am struggling to configure Kerberos login in Red Hat 6.3. I am able to get a Kerberos ticket upon login, but I cannot force it (by disabling local authentication).
I have local user accounts with local passwords and Kerberos passwords. What I need is to *disable the login with local passwords* and *force the login to use Kerberos*.

This is my current /etc/pam.d/system-auth configuration:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth [success=done new_authtok_reqd=done ignore=ignore default=die] pam_krb5.so minimum_uid=500
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account [success=done new_authtok_reqd=done ignore=ignore default=die] pam_krb5.so minimum_uid=500
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password [success=done new_authtok_reqd=done ignore=ignore default=die] pam_krb5.so minimum_uid=500
password sufficient pam_unix.so sha512 nullok try_first_pass use_authtok uid < 500
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_krb5.so minimum_uid=500
session required pam_unix.so

/etc/pam.d/login basically includes the system-auth configuration.

The weird configuration for pam_krb5.so is a mix of sufficient and requisite.

Thanks in advance for any help,
Tiago Elvas

________________________________________________
Kerberos mailing list
https://mailman.mit.edu/mailman/listinfo/kerberos
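An added example, not part of the original post: a small Python walk-through of the auth lines quoted above, using the control-flag semantics documented in pam.conf(5), to show on which path pam_unix.so (the local password) is reached at all. The function names and the module return values passed in are constructed for illustration, not observed results from the poster's system.

```python
import re

# Bracket equivalents of the keyword controls, as documented in pam.conf(5).
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}

# The auth lines from the post.
AUTH_STACK = """\
auth required pam_env.so
auth [success=done new_authtok_reqd=done ignore=ignore default=die] pam_krb5.so minimum_uid=500
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
"""

def parse(stack):
    """Return [(module, {return_value: action})], one entry per line."""
    rules = []
    for line in stack.splitlines():
        control, module = re.match(r"\s*\w+\s+(\[[^\]]*\]|\w+)\s+(\S+)", line).groups()
        if control.startswith("["):
            actions = dict(kv.split("=") for kv in control[1:-1].split())
        else:
            actions = KEYWORDS[control]
        rules.append((module, actions))
    return rules

def evaluate(rules, results):
    """Walk the stack; results maps module name -> constructed return value.
    Numeric jump actions are not handled (the auth stack has none)."""
    impression, status = None, "success"      # None: no module has voted yet
    for module, actions in rules:
        ret = results[module]
        action = actions.get(ret, actions["default"])
        if action in ("ok", "done") and ret != "ignore" and (
                impression is None or (impression and status == "success")):
            impression, status = True, ret
        elif action in ("bad", "die") and impression is not False:
            impression, status = False, ret
        if action == "die" or (action == "done" and impression):
            break                             # later modules are never consulted
    # Any final status other than success is reported as deny.
    return "allow" if impression and status == "success" else "deny"
```

With these semantics, a pam_krb5.so failure ends the stack at `default=die`, so the local password is only ever checked when pam_krb5.so returns `ignore`.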
