Kevin Otte said the following:
I have our systems set up to try pam_unix first, then pam_krb5. This way if
you try a root login, the local is matched first. I then add
"use_first_pass" as a parameter to pam_krb5, such that you do not get a
second prompt.
[EMAIL PROTECTED]:~$ cat /etc/pam.d/common-auth
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
This would make a great topic for a TriLUG meeting.
Volunteers?
Alan
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
