[24192] in Kerberos
Solaris 9 Pam problem
daemon@ATHENA.MIT.EDU (Daniel Wachdorf)
Thu Jun 30 17:28:10 2005
Date: Thu, 30 Jun 2005 08:08:48 -0600
From: "Daniel Wachdorf" <drwachd@sandia.gov>
To: "Kerberos list" <kerberos@mit.edu>
Message-ID: <BEE95910.15C8%drwachd@sandia.gov>
MIME-Version: 1.0
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I am trying to setup pam (with su for starters) on a solaris 9 system. Its
up to date with all the recommended patches.
I have a valid krb5.conf file in /etc/ and sym-linked to
/etc/krb5/krb5.conf. It has the following in libdefaults:
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
I created a keytab and symlinked it to /etc/krb5/krb5.keytab.
# klist -e -k /etc/krb5/krb5.keytab
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
2 host/vmtest2c.sandia.gov@dce.sandia.gov
<mailto:host/vmtest2c.sandia.gov@dce.sandia.gov> (DES-CBC-CRC)
2 host/vmtest2c.sandia.gov@dce.sandia.gov
<mailto:host/vmtest2c.sandia.gov@dce.sandia.gov> (DES-CBC-MD5)
I have my /etc/hosts file with (IP address X to protect the innocent):
# cat /etc/hosts
#
# Internet host table
#
127.0.0.1 localhost
134.253.X.X vmtest2c.sandia.gov vmtest2c loghost
I added the following to my pam.conf:
su auth sufficient pam_krb5.so.1
su account sufficient pam_krb5.so.1
When I go to su as a Kerberos account I get:
bash-2.05$ su drwachdz
Enter Kerberos password for drwachdz:
authentication failed: Bad encryption type
The log files show:
Jun 29 16:35:06 vmtest2c su: [ID 537602 auth.error] PAM-KRB5 (auth):
krb5_verify_init_creds failed: Bad encryption type
Any ideas?
-dan
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
