After moving to Lenny, we've had issues running cron jobs from non-local accounts. We use kerberos and hesiod as our authentication infrastructure and cron isn't too happy with those types of accounts. This is what we see in /var/log/syslog: Nov 2 13:41:01 so-much-for-subtlety CRON[21205]: Authentication service cannot retrieve authentication info Nov 2 13:42:01 so-much-for-subtlety CRON[21295]: Authentication service cannot retrieve authentication info Nov 2 13:43:01 so-much-for-subtlety CRON[21385]: Authentication service cannot retrieve authentication info Nov 2 13:44:01 so-much-for-subtlety CRON[21476]: Authentication service cannot retrieve authentication info This is for a cronjob that's set to run every minute. Cronjobs that run as root work fine. As a work-around, adding any entry to /etc/shadow similar to this seems to fix the problem: nightly:*:14410:0:99999:7::: Here's the contents of some of the relevant /etc/pam.d files: # /etc/pam.d/common-account account sufficient pam_krb5.so ignore_root account required pam_unix.so # /etc/pam.d/common-auth auth sufficient pam_unix.so nullok_secure auth required pam_krb5.so use_first_pass # /etc/pam.d/common-login session optional pam_lastlog.so session optional pam_motd.so session optional pam_mail.so standard session required pam_mkhomedir.so # /etc/pam.d/common-password password required pam_unix.so nullok obscure md5 # /etc/pam.d/common-password session required pam_unix.so # /etc/pam.d/cron @include common-auth auth required pam_env.so @include common-account @include common-session # Sets up user limits, please define limits for cron tasks # through /etc/security/limits.conf session required pam_limits.so --Erik |