Bug 79853
Summary: | updated pam_krb5 does not allow logins on console. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | Stephen John Smoogen <smooge> |
Component: | pam_krb5 | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-02-24 19:07:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Stephen John Smoogen
2002-12-17 16:07:03 UTC
While I know no one seems to be reading these bug reports :)... I figured out what the problem is: authconfig puts in a line for /etc/pam.d/system-auth that does not seem to work in our Kerberos environment. account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so This central part is causing our root logins to fail and our current fix is to install a patched version that doesnt have this line in it. Hmm. Setting the module to "sufficient" has the same effect as removing the check completely (because a "required" module has already succeeded at that point, libpam will ignore the failure code returned by pam_krb5 if it is marked "sufficient"). Do your users have principals in Kerberos? What error messages are you getting from pam_krb5 when login fails? |