[opensuse] openSuSE 10.2 kerberos pam common-account problem
I am having problems with Kerberos authentication on openSUSE 10.2. When I use Yast to configure my Kerberos clients I can no longer su from root to a user. I can still log in as a user or as root from either ssh or the console.

I have tracked the culprit down to the common-account file. By default Yast configures the common-account settings to be:

    account requisite       pam_unix2.so
    account required        pam_krb5.so     use_first_pass

This means that when root runs su - username the pam_krb5 module fails with:

    Jul 9 16:15:15 linux su: pam_krb5[7148]: user '<username>' was not authenticated by pam_krb5, returning "User not known to the underlying authentication module"
    Jul 9 16:15:15 linux su: pam_krb5[7148]: pam_acct_mgmt returning 10 (User not known to the underlying authentication module)

If I set

    account required        pam_krb5.so     use_first_pass

to

    account optional        pam_krb5.so     use_first_pass

or set

    account requisite       pam_unix2.so

to

    account sufficient      pam_unix2.so

or comment out the pam_krb5.so line entirely from common-account, then everything works as expected.

Am I missing something here, or is this a bug in the way Yast is configuring Kerberos on 10.2?

On SuSE 9.3 and 10.1 Yast handles Kerberos differently (uses /etc/security/pam_unix2.conf) and I have no problems there.

--
Tom Parker
Systems Delivery Specialist
Lottery Systems Division
Canadian Bank Note Company
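Added example (not part of the original post, and not PAM's own code): a simplified Python model of how Linux-PAM evaluates the required, requisite, sufficient and optional control flags, run over the four common-account variants described in the message. It assumes pam_unix2.so succeeds for the target user (the post does not say) and takes pam_krb5.so's return code 10 from the quoted log; the names run_stack, evaluate_all and the stack labels are made up for this illustration.

```python
# Added example: simplified model of Linux-PAM stack dispatch for the four
# classic control flags. Module results are constructed inputs, not real calls.
PAM_SUCCESS, PAM_PERM_DENIED, PAM_USER_UNKNOWN, PAM_ACCT_EXPIRED = 0, 6, 10, 13

# Action taken per flag for (module succeeded, module failed), as in pam.conf(5).
ACTIONS = {
    "required":   ("ok",   "bad"),
    "requisite":  ("ok",   "die"),
    "sufficient": ("done", "ignore"),
    "optional":   ("ok",   "ignore"),
}

def run_stack(stack, results):
    """stack: [(control, module)]; results: {module: PAM return code}."""
    status, impression = PAM_PERM_DENIED, None    # None = no verdict yet
    for control, module in stack:
        ret = results[module]
        action = ACTIONS[control][0 if ret == PAM_SUCCESS else 1]
        if action == "ignore":
            continue                               # result is discarded
        if action in ("ok", "done"):
            if impression is None:
                status, impression = PAM_SUCCESS, True
            if action == "done" and impression:
                break                              # sufficient: stop on success
        else:                                      # "bad" or "die"
            if impression is not False:
                status, impression = ret, False    # first failure code sticks
            if action == "die":
                break                              # requisite: stop on failure
    return status

# Assumption: pam_unix2.so succeeds; pam_krb5.so returns 10 as in the log.
RESULTS = {"pam_unix2.so": PAM_SUCCESS, "pam_krb5.so": PAM_USER_UNKNOWN}
STACKS = {
    "yast default":     [("requisite", "pam_unix2.so"), ("required", "pam_krb5.so")],
    "krb5 optional":    [("requisite", "pam_unix2.so"), ("optional", "pam_krb5.so")],
    "unix2 sufficient": [("sufficient", "pam_unix2.so"), ("required", "pam_krb5.so")],
    "krb5 removed":     [("requisite", "pam_unix2.so")],
}

def evaluate_all(results=RESULTS):
    return {name: run_stack(stack, results) for name, stack in STACKS.items()}

if __name__ == "__main__":
    for name, code in evaluate_all().items():
        print(f"{name:17} -> pam_acct_mgmt returns {code}")
```

In this model the three workarounds succeed because pam_krb5.so's account result is either ignored or never reached, so any other account-phase failure it reported (for example a constructed PAM_ACCT_EXPIRED) would be discarded as well.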