cancel
Showing results for 
Search instead for 
Did you mean: 

pam_user.conf being ignored

 
Frank417
Advisor

pam_user.conf being ignored

I'm trying to stop root from being authenticated using kerberos and can't seem to get it to work. Below is the pam.conf file...

login auth required libpam_updbe.so.1 debug
login auth required libpam_hpsec.so.1
login auth sufficient libpam_krb5.so.1 krb_prompt
login auth required libpam_unix.so.1 try_first_pass
su auth required libpam_updbe.so.1
su auth required libpam_hpsec.so.1
su auth sufficient libpam_krb5.so.1 krb_prompt
su auth required libpam_unix.so.1 try_first_pass
dtlogin auth required libpam_updbe.so.1
dtlogin auth required libpam_hpsec.so.1
dtlogin auth sufficient libpam_krb5.so.1 krb_prompt
dtlogin auth required libpam_unix.so.1 try_first_pass
dtaction auth required libpam_updbe.so.1
dtaction auth required libpam_hpsec.so.1
dtaction auth sufficient libpam_krb5.so.1 krb_prompt
dtaction auth required libpam_unix.so.1 try_first_pass
ftp auth required libpam_updbe.so.1
ftp auth required libpam_hpsec.so.1
ftp auth sufficient libpam_krb5.so.1 krb_prompt
ftp auth required libpam_unix.so.1 try_first_pass
sshd auth required libpam_updbe.so.1
sshd auth required libpam_hpsec.so.1
sshd auth sufficient libpam_krb5.so.1 krb_prompt
sshd auth required libpam_unix.so.1 try_first_pass
OTHER auth required libpam_unix.so.1


and below is the pam_user.conf file....

root auth /usr/lib/security/libpam_krb5.so.1 ignore
root account /usr/lib/security/libpam_krb5.so.1 ignore
root session /usr/lib/security/libpam_krb5.so.1 ignore
root password /usr/lib/security/libpam_krb5.so.1 ignore



The kerberos password still works for root with these conf files.
2 REPLIES
Frank417
Advisor

Re: pam_user.conf being ignored

I just figured it out. I had just the module name is one file and the full path in another. I took out the full path in pam_user.conf and now it looks like its working.
Frank417
Advisor

Re: pam_user.conf being ignored

I just figured it out. I had just the module name is one file and the full path in another. I took out the full path in pam_user.conf and now it looks like its working.