On Tue, Jan 06, 2009 at 10:27:11AM -0800, Russ Allbery wrote: [..snip..] > I'll add something more to the documentation about this, explaining the > issue. I just noticed the docs already have:
| This configuration will still require that users be listed in /etc/shadow, | since otherwise the pam_unix account module will fail. Normally, accounts | that should only use Kerberos authentication should be created with | adduser --disabled-password. If you | don't want the accounts to be listed in /etc/shadow at all (if, for | example, you're using some other source than files for your nsswitch | configuration), you can mark the pam_krb5 account module as sufficient | rather than required so that pam_unix isn't run. This will mean that | you won't be able to disable accounts locally. So this was probably just an oversight on my part and the bug can be closes as is. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
