r4920 - in trunk/BOOK: introduction/welcome postlfs/security

larry at linuxfromscratch.org larry at linuxfromscratch.org
Sat Aug 13 19:00:35 PDT 2005


Author: larry
Date: 2005-08-13 20:00:32 -0600 (Sat, 13 Aug 2005)
New Revision: 4920

Modified:
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/mitkrb.xml
Log:
add warning to mitkrb5

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-08-13 22:24:56 UTC (rev 4919)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-08-14 02:00:32 UTC (rev 4920)
@@ -25,6 +25,11 @@
   <itemizedlist>
 
     <listitem>
+      <para>August 13th, 2005 [larry]: Add a warning to mitkrb5
+      concerning the use of login.krb5 as a substitute for login.</para>
+    </listitem>
+
+    <listitem>
       <para>August 13th, 2005 [randy]: Updated to OpenLDAP-2.2.6 stable
       version; also added dependencies and configuration explanation.</para>
     </listitem>

Modified: trunk/BOOK/postlfs/security/mitkrb.xml
===================================================================
--- trunk/BOOK/postlfs/security/mitkrb.xml	2005-08-13 22:24:56 UTC (rev 4919)
+++ trunk/BOOK/postlfs/security/mitkrb.xml	2005-08-14 02:00:32 UTC (rev 4920)
@@ -119,8 +119,18 @@
 ln -v -sf ../../lib/libcom_err.so.3 /usr/lib/libcom_err.so &&
 ldconfig</userinput></screen>
 
-    <para>If <application>Linux-Pam</application> is not installed, the
-    following should be entered as the
+    <warning><command>login.krb5</command> does not support
+      <application>shadow</application> passwords. As a result, when the
+      kerberos server is unavailable, the default fall through to
+      <filename>/etc/password</filename> will <bold>not</bold> work because
+      the passwords have been moved to <filename>/etc/shadow</filename> during
+      the <acronym>LFS</acronym> build process.  Entering the following
+      commands without moving the passwords back to
+      <filename>/etc/password</filename> could prevent <bold>any</bold> logins.
+    </warning>
+
+    <para>If <application>Linux-Pam</application> is not installed and
+    you understand the above warning, the following can be entered as the
     <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>mv -v /bin/login /bin/login.shadow &&




More information about the blfs-book mailing list