[24193] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Solaris 9 Pam problem

daemon@ATHENA.MIT.EDU (scanell)
Thu Jun 30 17:51:45 2005

Message-ID: <42C468D6.1070808@jpl.nasa.gov>
Date: Thu, 30 Jun 2005 14:49:10 -0700
From: scanell <scanell@jpl.nasa.gov>
MIME-Version: 1.0
To: Kerberos list <kerberos@mit.edu>
In-Reply-To: <BEE95910.15C8%drwachd@sandia.gov>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

If you are using the /usr/lib/security/pam_krb5.so.1 module, then you 
have to place a copy or a link of the krb5.conf into the /etc/krb5 
directory.... that is where solaris 9 pam module looks for the krb5.conf 
file!

Steve

Daniel Wachdorf wrote:

>I am trying to setup pam (with su for starters) on a solaris 9 system.  Its
>up to date with all the recommended patches.
>
>I have a valid krb5.conf file in /etc/ and sym-linked to
>/etc/krb5/krb5.conf.  It has the following in libdefaults:
>
>default_tkt_enctypes = des-cbc-crc
>default_tgs_enctypes = des-cbc-crc
>
>I created a keytab and symlinked it to /etc/krb5/krb5.keytab.
>
># klist -e -k /etc/krb5/krb5.keytab
>Keytab name: FILE:/etc/krb5/krb5.keytab
>KVNO Principal
>---- 
>--------------------------------------------------------------------------
>   2 host/vmtest2c.sandia.gov@dce.sandia.gov
><mailto:host/vmtest2c.sandia.gov@dce.sandia.gov>  (DES-CBC-CRC)
>   2 host/vmtest2c.sandia.gov@dce.sandia.gov
><mailto:host/vmtest2c.sandia.gov@dce.sandia.gov>  (DES-CBC-MD5)
>
>I have my /etc/hosts file with (IP address X to protect the innocent):
>
># cat /etc/hosts
>#
># Internet host table
>#
>127.0.0.1       localhost
>134.253.X.X  vmtest2c.sandia.gov vmtest2c    loghost
>
>I added the following to my pam.conf:
>
>su   auth sufficient         pam_krb5.so.1
>su   account sufficient      pam_krb5.so.1
>
>When I go to su as a Kerberos account I get:
>
>bash-2.05$ su drwachdz
>Enter Kerberos password for drwachdz:
>authentication failed:  Bad encryption type
>
>The log files show:
>
>Jun 29 16:35:06 vmtest2c su: [ID 537602 auth.error] PAM-KRB5 (auth):
>krb5_verify_init_creds failed: Bad encryption type
>
>Any ideas?
>
>-dan
>
>
>________________________________________________
>Kerberos mailing list           Kerberos@mit.edu
>https://mailman.mit.edu/mailman/listinfo/kerberos
>
>  
>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post