/etc/pam.d/通用帐户

tag-icon tag-icon linux kerberos pam
/etc/pam.d/通用帐户

现在,如果我尝试添加不在大学 Kerberos 域中的非系统用户,系统会提示我输入 Kerberos 密码。显然不需要输入密码,所以我只需按 Enter 键,然后会看到:

passwd: Authentication token manipulation error
passwd: password unchanged

打字时passwd newuser遇到同样的问题,且信息也相同。

我尝试使用pwconv,希望只需要一个影子条目,但它什么也没有改变。

我希望能够添加不在该领域的本地用户并为他们提供本地密码,而不必担心 Kerberos。

我在 Ubuntu 10.04 上。以下是我的/etc/pam.d/common-*文件(Ubuntupam-auth-update软件包生成的默认文件):

/etc/pam.d/通用帐户

# here are the per-package modules (the "Primary" block)
account [success=1 new_authtok_reqd=done default=ignore]        pam_unix.so
# here's the fallback if no module succeeds
account requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
account required                        pam_krb5.so minimum_uid=1000
# end of pam-auth-update config

/etc/pam.d/common-auth

# here are the per-package modules (the "Primary" block)
auth    [success=2 default=ignore]      pam_krb5.so minimum_uid=1000
auth    [success=1 default=ignore]      pam_unix.so nullok_secure try_first_pass
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

/etc/pam.d/通用密码

# here are the per-package modules (the "Primary" block)
password        requisite                       pam_krb5.so minimum_uid=1000
password        [success=1 default=ignore]      pam_unix.so obscure use_authtok     try_first_pass sha512
# here's the fallback if no module succeeds
password        requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password        required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

/etc/pam.d/common-session

# here are the per-package modules (the "Primary" block)
session [default=1]                     pam_permit.so
# here's the fallback if no module succeeds
session requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
session optional                        pam_krb5.so minimum_uid=1000
session required        pam_unix.so
# end of pam-auth-update config

答案1

通过 pam-auth-update 命令临时调整

  1. 您可以使用 暂时停用 Kerberos pam-auth-update。因此它看起来像这样:
    [ ] Kerberos authentication
  2. 然后您可以添加用户/更改密码。
  3. pam-auth-update完成后,使用 重新激活 Kerberos 。如下所示:
    [*] Kerberos authentication

也可以看看:pam-auth-update手册页

答案2

在你的终端中,

跑步sudo pam-auth-update - manage

将打开一个弹出提示窗口。

在你的第一个选择中,

[*] Kerberos authentication

导航并按下space bar并选择Ok

参见下图, 在此处输入图片描述 尝试更改您的密码。完成后,运行相同的命令并*再次添加。 [ ] Kerberos authentication

相关内容