On Mon, Aug 21, 2017 at 3:22 AM, Lukas Slebodnik <lslebodn@redhat.com> wrote:

On (19/08/17 14:45), Louis Garcia wrote:
>On Sat, Aug 19, 2017 at 5:01 AM, Lukas Slebodnik <lslebodn@redhat.com>
>wrote:
>
>> On (19/08/17 10:57), Lukas Slebodnik wrote:
>> >I think it would be better to start from scratch:
>>
>You did tell me that I was not hitting that RH bug. Sorry.
>
>
>> >
>> >Please answer to following question:
>> >Is your local password the same as kerberos password?
>>
>Yes
>

And this is the main problem why it does not work for you.

Because pam_unix will be used as the first one.
And I would not recommend to change order of modules pam stack manually.

Your local account should have different password or should not have password
at all. Otherwise such setup will not work for you.

LS

Hey we are finally getting somewhere.

If I delete my local account I can't login at all. I added my local account back but with no password and I was able to login and get my kerberos ticket.

So with this setup I still need a local account an every box I use, with no password or different then the kerberos one? I thought I could centrally manage my user accounts and passwords with kerberos?

Do I need something like freeipa? Might be a bit out bounds for this list. Thank you for your help.