SLES 12 SP2 SAP - Kerberos

Good Day,

We primarily run with RHEL 5/6/7 Servers, but, for SAP we will be testing on SLES. We use Kerberos for authentication purposes ie. Add user locally but passwords are checked against AD. I installed the SLES 12 Server with defaults and did the following after :

zypper install krb5-client pam_krb5

Copied the /etc/krb5.conf file from one of the RHEL Servers across to the SLES 12 Server

pam-config --add --krb5 --add --mkhomedir

Now I can login with the local Admin User Accounts I added with password checks being done against AD … however, even though root has a local password, it is being authenticated against AD and then obviously fails.

Some config files :


passwd: compat
group: compat[/I]


account requisite try_first_pass
account required use_first_pass
account required[/I]


auth required
auth optional
auth sufficient try_first_pass
auth sufficient use_first_pass
auth required[/I]


password requisite
password optional use_authtok
password [default=ignore success=1] uid > 999 quiet
password sufficient use_authtok nullok shadow try_first_pass
password sufficient
password required[/I]


session optional
session required
session required try_first_pass
session optional
session optional
session optional
session optional auto_start only_if=gdm,gdm-password,lxdm,lightdm
session optional[/I]

Other thing that crops up is the following :

chage -l user
chage: PAM: User not known to the underlying authentication module

Can anyone assist … maybe something trivial that I am missing ?



It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

Be sure to read the forum FAQ about what to expect in the way of responses:

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot…

Good luck!

Your SUSE Forums Team