Yeah...that did it. It was actually in there and I removed it. I guess I thought it was more literal...i.e. use the first password you type even if it was wrong and you were prompted again... At any rate it works fine now.

The reason I have krb first though is because there are no unix passwords other than root and root can't login via ssh anyway. Everything is done with sudo or su -. I was just trying to avoid the "no kerb credentials for user root" in the logs.

Thanks all,
Steve

On 3/13/06, Kevin Otte <[EMAIL PROTECTED]> wrote:
>
> I have our systems set up to try pam_unix first, then pam_krb5. This way if
> you try a root login, the local is matched first. I then add
> "use_first_pass" as a parameter to pam_krb5, such that you do not get a
> second prompt.
>
> [EMAIL PROTECTED]:~$ cat /etc/pam.d/common-auth
> auth sufficient pam_unix.so nullok_secure
> auth sufficient pam_krb5.so use_first_pass
> auth required pam_deny.so
>
> This is on an Ubuntu machine, so some changes may need to be made for other
> platforms. Good luck!
>
> --
> Kevin Otte, N8VNR
> [EMAIL PROTECTED]
> http://www.nivex.net/
>
> -=-
>
> "Those who cannot remember the past are condemned to repeat it."
> -- George Santayana
>
> "It seems no one reads Santayana anymore."
> -- Cdr. Susan Ivanova, Babylon 5
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
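
Added example, not part of the original thread: a simplified Python model of how the `sufficient`/`required` control flags and `use_first_pass` in the quoted common-auth stack decide which module sees the password and how many prompts appear. The password stores, sample passwords and stubbed module behaviour are assumptions; real pam_unix and pam_krb5 builds differ in detail.

```python
# Simplified model of a PAM "auth" stack (added example; modules are stubs).
LOCAL = {"root": "r00t-local"}   # constructed: the only local UNIX password
KDC = {"steve": "krb-secret"}    # constructed: principals known to the KDC

COMMON_AUTH = """\
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
"""

def parse(text):
    """Return [(control, module, options)] for every auth line."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2], fields[3:]))
    return stack

def authenticate(stack, user, typed):
    """typed: what the user enters at each prompt, in order.
    Returns (granted, prompts_shown, modules_that_checked_a_password)."""
    answers, authtok, prompts, tried = iter(typed), None, 0, []
    required_ok = required_failed = False
    for control, module, opts in stack:
        if module == "pam_deny.so":
            ok = False                          # pam_deny always fails
        else:
            if authtok is None or "use_first_pass" not in opts:
                authtok = next(answers, "")     # module prompts for itself
                prompts += 1
            db = LOCAL if module == "pam_unix.so" else KDC
            ok = db.get(user) == authtok
            tried.append(module)
        if control == "sufficient" and ok and not required_failed:
            return True, prompts, tried         # later modules never run
        if control == "required":
            required_ok, required_failed = required_ok or ok, required_failed or not ok
    return required_ok and not required_failed, prompts, tried

if __name__ == "__main__":
    stack = parse(COMMON_AUTH)
    print(authenticate(stack, "root", ["r00t-local"]))    # unix only, krb5 skipped
    print(authenticate(stack, "steve", ["krb-secret"]))   # one prompt, krb5 reuses it
    print(authenticate(stack[1::-1] + stack[2:], "root", ["r00t-local"] * 2))
```

The last call swaps the first two lines to model the krb-first ordering: pam_krb5 is consulted for root before pam_unix, which is the case that produced the log message mentioned above.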
