[30570] in Kerberos
Re: disabling krb524d attempts - causes login hangs
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Dec 19 14:48:12 2008
To: Fletcher Cocquyt <fcocquyt@stanford.edu>
In-Reply-To: <loom.20081219T170629-685@post.gmane.org> (Fletcher Cocquyt's
message of "Fri\, 19 Dec 2008 17\:16\:13 +0000 \(UTC\)")
From: Russ Allbery <rra@stanford.edu>
Date: Fri, 19 Dec 2008 11:47:34 -0800
Message-ID: <87ocz8q755.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Fletcher Cocquyt <fcocquyt@stanford.edu> writes:
> per the man page: http://linux.die.net/man/8/pam_krb5
>
> It had no effect - even after restarting the sshd service
Judging from the man page, this is the Red Hat pam-krb5 module. I know
that other people around Stanford have had a ton of problems with delays
caused by that module and its attempts to get Kerberos v4 tickets.
There's probably some way to fix it, but the most common solution has been
to just get rid of it and run a different PAM module.
Probably not surprisingly, all the Stanford central infrastructure systems
use my PAM module:
http://www.eyrie.org/~eagle/software/pam-krb5/
I wrote it to never try to get Kerberos v4 tickets, so it shouldn't have
this problem. Switching to it has fixed the problem for a number of Red
Hat users around campus.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
