Victor Brand n00b
Joined: 13 Apr 2024 Posts: 1
|
Posted: Sat Apr 13, 2024 9:16 pm Post subject: pam_krb5 breaks sudo/doas. Here's the solution |
|
|
I've stumbled upon an issue with pam_krb5. When KDC and admin servers are fully configured, it prevents a user from utilizing sudo/doas commands (su - works well though). I've found a solution by using Debian's configuration of pam_krb5 in Gentoo. I modified /etc/pam.d/system.auth in lines where pam_krb5 was mentioned:
Code: |
auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass
account required pam_krb5.so minimum_uid=1000 try_first_pass
password [success=1 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass
session [success=1 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass
|
Everything seems to be working as of now.
EDIT: I've slightly modified my solution, because it didn't work well with xscreensaver unlocking. Actually, what I've done is that I removed of the 'debug' option and switched the deprecated 'ignore_root' option to 'minimum_uid=1000'. |
|