Good Day,

We primarily run with RHEL 5/6/7 Servers, but, for SAP we will be testing on SLES. We use Kerberos for authentication purposes ie. Add user locally but passwords are checked against AD. I installed the SLES 12 Server with defaults and did the following after :

zypper install krb5-client pam_krb5

Copied the /etc/krb5.conf file from one of the RHEL Servers across to the SLES 12 Server

pam-config --add --krb5 --add --mkhomedir

Now I can login with the local Admin User Accounts I added with password checks being done against AD ... however, even though root has a local password, it is being authenticated against AD and then obviously fails.

Some config files :


passwd: compat
group: compat


account requisite try_first_pass
account required use_first_pass
account required


auth required
auth optional
auth sufficient try_first_pass
auth sufficient use_first_pass
auth required


password requisite
password optional use_authtok
password [default=ignore success=1] uid > 999 quiet
password sufficient use_authtok nullok shadow try_first_pass
password sufficient
password required


session optional
session required
session required try_first_pass
session optional
session optional
session optional
session optional auto_start only_if=gdm,gdm-password,lxdm,lightdm
session optional

Other thing that crops up is the following :

chage -l user
chage: PAM: User not known to the underlying authentication module

Can anyone assist ... maybe something trivial that I am missing ?