Hi everyone I want to be able to unlock xscreensaver when authenticated against Kerberos. The KDC is Samba 4 and I can logon fine to the domain. I used Yast to add the pam_krb5 package and ran pam-config -a --krb5 Now, only root can login in single mode. /etc/pam.d/common-password before adding kerberos (works fine, but cannot unlock xscreensaver): password requisite pam_pwcheck.so nullok cracklib password optional pam_gnome_keyring.so use_authtok password sufficient pam_unix2.so use_authtok nullok password required pam_ldap.so try_first_pass use_authtok /etc/pam.d/common-password after adding krb5 (no one can login apart from booting into single user): password requisite pam_pwcheck.so nullok cracklib password optional pam_gnome_keyring.so use_authtok password [default=ignore success=1] pam_succeed_if.so uid > 999 quiet password sufficient pam_unix2.so use_authtok nullok password sufficient pam_krb5.so password required pam_ldap.so try_first_pass use_authtok I think it's something to do with this line: password [default=ignore success=1] pam_succeed_if.so uid > 999 quiet Does this mean that no user with a uid of less than 1000 will be able to authenticate? What if I'm in a bar and the KDC is not available? I'm locked out of my local account. This is a laptop. Ahhgghh!! Thanks L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org