useradd and passwd vs. Kerberos
At work we use LDAP and Kerberos authentication for users. During the testing of openSUSE 11.2, me and my other two colleagues (mmarek and mseben) have encountered problem that one cannot change the local password of user added with
passwd user jumps directly to setting krb5 password. This was reported as bnc#545724.
It turned out that this is caused by the line:
password [default=ignore success=1] pam_succeed_if.so uid > 999 quiet
which is added to
pam-config during the installation, when Kerberos is enabled.
So the question is: How to add local users with local password (e.g. for testing purposes)? You can add so-called system-users by using
useradd -r username (these will be given UID < 1000 and thus will not be handled by Kerberos). There is a catch, though. You cannot login as this user, because it’s shell is set to
/bin/false by default. You can change it in
/etc/passwd or, more cleanly, specify the shell immediately when creating the user:
useradd -r username -s /bin/bash