http://bugzilla.novell.com/show_bug.cgi?id=545724 Summary: useradd foo; passwd foo doesn't work if kerberos is used Classification: openSUSE Product: openSUSE 11.2 Version: Milestone 8 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: mc@novell.com ReportedBy: mmarek@novell.com QAContact: qa@suse.de Found By: --- On a system with ldap and kerberos, pam-config sets the following in /etc/pam.d/common-password-pc: password requisite pam_pwcheck.so nullok cracklib password [default=ignore success=1] pam_succeed_if.so uid > 999 quiet password sufficient pam_unix2.so use_authtok nullok password sufficient pam_krb5.so password required pam_ldap.so try_first_pass use_authtok The line with pam_succeed_if skips the pam_unix2 module for users with uid > 999. However, /etc/login.defs has UID_MIN 1000 so local users created with useradd will by default have a uid > 999: # useradd foo; passwd foo Changing password for foo. Kerberos 5 Password: passwd: User not known to the underlying authentication module # id foo uid=11065(foo) gid=100(users) groups=100(users),33(video) The log message in the pam-config repository was r151 | mcalmer | 2008-08-29 12:27:36 +0200 (Pá, 29 srp 2008) | 14 lines * release version 0.59 * src/mod_pam_unix2.c: skip password change for uid > 999 in case of krb5 is used. .. what was the reason for this change? What's the correct way of creating local users with useradd now? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.