I'm using Kerberos 5 for authentication and LDAP to provide account/host information. Kerberos and LDAP are served from the same system. The server and my client(s) are both FC1.

My nsswitch.conf file has "files" listed first, followed by "ldap" for all services provided by LDAP:

    passwd: files ldap
    shadow: files ldap
    group:  files ldap
    hosts:  files ldap dns

I would expect this to allow me to log in as root on a system that has lost connectivity with the LDAP/Kerberos server, since root's account information is in local files. However, if my workstations lose communication with the LDAP/Kerberos server, I can't log in at all, not even as root. After I type in the root username, the system appears to hang, but I eventually will get a "Login timeout" error. I've tested this by unplugging my ethernet cable and trying to log in as root.

My /etc/pam.d/system-auth file looks at pam_unix.so before pam_krb5.so, and was generated using authconfig. I just added the debug arguments to help track down this problem:

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      /lib/security/$ISA/pam_env.so debug
    auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok debug
    auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass debug
    auth        required      /lib/security/$ISA/pam_deny.so debug

    account     required      /lib/security/$ISA/pam_unix.so debug
    account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so debug

    password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type= debug
    password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow debug
    password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok debug
    password    required      /lib/security/$ISA/pam_deny.so debug

    session     required      /lib/security/$ISA/pam_limits.so debug
    session     required      /lib/security/$ISA/pam_unix.so debug
    session     optional      /lib/security/$ISA/pam_krb5.so debug

Any ideas?

Prentice
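
An added example, not part of the message above or of authconfig's output: a small Python model of how Linux-PAM evaluates the control flags in the posted system-auth, showing which modules each stack calls when pam_unix accepts a local password. The pam_krb5 return codes fed in are hypothetical (the post does not say what the module returns while the server is unreachable), and the model is simplified: it ignores new_authtok_reqd and jump counts.

```python
import re

# auth/account/session lines from the post's system-auth, with the
# /lib/security/$ISA/ prefix and the debug arguments dropped for brevity.
SYSTEM_AUTH = """\
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_krb5.so use_first_pass
auth required pam_deny.so
account required pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_krb5.so
session required pam_limits.so
session required pam_unix.so
session optional pam_krb5.so
"""

# Linux-PAM's expansion of the simple control keywords (new_authtok_reqd omitted).
KEYWORDS = {
    "required": {"success": "ok", "default": "bad"},
    "requisite": {"success": "ok", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional": {"success": "ok", "default": "ignore"},
}

def parse(kind):
    """Yield (control mapping, module) for each line of one stack type."""
    for line in SYSTEM_AUTH.splitlines():
        typ, ctl, module = re.match(r"(\w+) (\[.*?\]|\w+) (\S+)", line).groups()
        if typ == kind:
            pairs = dict(p.split("=") for p in ctl.strip("[]").split() if "=" in p)
            yield (pairs if ctl.startswith("[") else KEYWORDS[ctl]), module

def run(kind, results):
    """Return (modules called, outcome); unlisted modules return success."""
    results = {"pam_deny.so": "auth_err", **results}  # pam_deny always fails
    called, failed, passed = [], False, False
    for control, module in parse(kind):
        called.append(module)
        action = control.get(results.get(module, "success"), control["default"])
        if action in ("bad", "die"):
            failed = True
        elif action in ("ok", "done") and not failed:
            passed = True
        if action == "die" or (action == "done" and not failed):
            break
    return called, "success" if passed and not failed else "failure"

if __name__ == "__main__":
    # Hypothetical pam_krb5 return values while the server is unreachable.
    for code in ("user_unknown", "authinfo_unavail"):
        for kind in ("auth", "account", "session"):
            print(code, kind, *run(kind, {"pam_krb5.so": code}))
```

In this model the auth stack stops at pam_unix.so, but the account and session stacks still call pam_krb5.so, and the account result depends on whether its return code is one the bracketed control maps to ignore.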