Want to use kerberos for pam-awared XDM. In /etc/pam.d, xdm uses the following rules:
Quote:
auth required pam_env.so
auth sufficient pam_unix2.so
auth required pam_krb5.so try_first_pass
|
But it denies any login even though username and password are correct. When the last 2 from above rules switched, it asks for password twice for a valid user. In all cases, the user has the same local system account name and principal name in kerberos. and the two passwords are the same.
What is wrong? What is the correct PAM configuration files for auth, account, password and session.
And is it possible to authenticate a user who only appears in kerberos but NOT in local system? It seems to me pam_krb5.so checks user info with local uid/gid?
Thanks!