Neste momento, se eu tentar adicionar um usuário que não seja do sistema, não no reino Kerberos da universidade, será solicitada uma senha do Kerberos. Obviamente, não há senha a ser inserida, então basta pressionar enter e ver:
passwd: Authentication token manipulation error
passwd: password unchanged
Digitar passwd newuser
tem o mesmo problema com a mesma mensagem.
Eu tentei usar pwconv
na esperança de que apenas uma entrada de sombra fosse necessária, mas não mudou nada.
Eu quero poder adicionar um usuário local que não esteja no reino e fornecer a ele uma senha local sem ser incomodado com o Kerberos.
Estou no Ubuntu 10.04. Aqui estão meus arquivos /etc/pam.d/common-*
(os padrões que o pacote pam-auth-update
do Ubuntu gera):
/etc/pam.d/common-account
# here are the per-package modules (the "Primary" block)
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
account required pam_krb5.so minimum_uid=1000
# end of pam-auth-update config
/etc/pam.d/common-auth
# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
/etc/pam.d/common-password
# here are the per-package modules (the "Primary" block)
password requisite pam_krb5.so minimum_uid=1000
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
/etc/pam.d/common-session
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session optional pam_krb5.so minimum_uid=1000
session required pam_unix.so
# end of pam-auth-update config