After moving to Lenny, we've had issues running cron jobs from non-
local accounts. We use kerberos and hesiod as our authentication
infrastructure and cron isn't too happy with those types of accounts.
This is what we see in /var/log/syslog:
Nov 2 13:41:01 so-much-for-subtlety CRON[21205]: Authentication
service cannot retrieve authentication info
Nov 2 13:42:01 so-much-for-subtlety CRON[21295]: Authentication
service cannot retrieve authentication info
Nov 2 13:43:01 so-much-for-subtlety CRON[21385]: Authentication
service cannot retrieve authentication info
Nov 2 13:44:01 so-much-for-subtlety CRON[21476]: Authentication
service cannot retrieve authentication info
This is for a cronjob that's set to run every minute. Cronjobs that
run as root work fine. As a work-around, adding any entry to /etc/
shadow similar to this seems to fix the problem:
nightly:*:14410:0:99999:7:::
Here's the contents of some of the relevant /etc/pam.d files:
# /etc/pam.d/common-account
account sufficient pam_krb5.so ignore_root
account required pam_unix.so
# /etc/pam.d/common-auth
auth sufficient pam_unix.so nullok_secure
auth required pam_krb5.so use_first_pass
# /etc/pam.d/common-login
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
session required pam_mkhomedir.so
# /etc/pam.d/common-password
password required pam_unix.so nullok obscure md5
# /etc/pam.d/common-password
session required pam_unix.so
# /etc/pam.d/cron
@include common-auth
auth required pam_env.so
@include common-account
@include common-session
# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session required pam_limits.so
--Erik
