Gentoo Forums :: View topic - pam_krb5 breaks sudo/doas. Here's the solution

pam_krb5 breaks sudo/doas. Here's the solution

View unanswered posts
View posts from last 24 hours

Gentoo Forums Forum Index

Networking & Security

View previous topic :: View next topic

Author

Message

Victor Brand
n00b
n00b

Joined: 13 Apr 2024
Posts: 1

Posted: Sat Apr 13, 2024 9:16 pm Post subject: pam_krb5 breaks sudo/doas. Here's the solution

I've stumbled upon an issue with pam_krb5. When KDC and admin servers are fully configured, it prevents a user from utilizing sudo/doas commands (su - works well though). I've found a solution by using Debian's configuration of pam_krb5 in Gentoo. I modified /etc/pam.d/system.auth in lines where pam_krb5 was mentioned:

Code:

auth    [success=3 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass
account    required pam_krb5.so minimum_uid=1000 try_first_pass
password [success=1 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass
session    [success=1 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass

Everything seems to be working as of now.

EDIT: I've slightly modified my solution, because it didn't work well with xscreensaver unlocking. Actually, what I've done is that I removed of the 'debug' option and switched the deprecated 'ignore_root' option to 'minimum_uid=1000'.

Display posts from previous:

	Gentoo Forums Forum Index Networking & Security	All times are GMT
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy