Kerberos not allowing the network password for some users

Production server rp7410 hp11v2, Test server rp5450 hp11v2 both have
Dec '07 Quality Pack installed. Both up to date on patches. Network
is a Windows Active Directory (AD).
The Test server is a clone of the Production server, and I've been
working with HP support on a couple of sambaclient problems. We have
been using the Test server to try solutions and when we are confident
the changes/patches work on the Test server I do the same changes on
the Production server.
Before I started to make any changes on the Production server users
could use either their 'network' or their 'unix' (local) passwords
when logging in. However, somewhere along the way this stopped working
on the Production server for those people whose network and
local unix passwords are different; it still works on the Test server.
Syslog does show this when someone with different passwords tries the
network password first:
Mar 12 14:33:02 leto sshd[12931]: while verifying tgt[Unknown code ____ 255]
Mar 12 14:33:02 leto sshd[12931]: [Authentication failed] Password not valid
Mar 12 14:33:08 leto sshd[12931]: error: PAM: Authentication failed for User1 from uaxxxx.graceland.edu
Mar 12 14:33:11 leto sshd[12931]: [Authentication failed] Password not valid
Mar 12 14:33:11 leto sshd[12931]: Accepted password for User1 from 10.125.xx.xx port 4891 ssh2
Mar 12 14:33:11 leto sshd[12931]: Pam Creds are not available
To the best of my knowledge both servers are configured the same for
Kerberos and PAM. I have checked /etc/krb5.conf & /etc/pam.krb5 on
both systems and they are identical. (HP support wanted me to change
which AD server we point to) Changing the file back has no effect.
Besides /etc/krb5.conf what other files might I look at to see if
there is some slight difference between the two servers that Kerberos
uses?
John