[32521] in Kerberos
Re: pam_krb5 questions
daemon@ATHENA.MIT.EDU (Techie)
Sun Jul 18 22:36:59 2010
MIME-Version: 1.0
In-Reply-To: <877hkwquks.fsf@windlord.stanford.edu>
Date: Sun, 18 Jul 2010 19:36:51 -0700
Message-ID: <AANLkTil4s2ogrYBt83MChcQS7He7Og3ME0Ce0zDVVVow@mail.gmail.com>
From: Techie <techchavez@gmail.com>
To: Russ Allbery <rra@stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Russ,
I have your pam_krb5 module working with RHEL5 but I am having issueson RHEL4. When I replace the RHEL pam_krb5 with the eyrie module Ican't log in. It looks like the pam_krb5 is indeed aurthenticating methough as seen below, well it says authenticated as the krb user. I amusing the newest module or 4.3. Looks like pam_krb5 is authenticatingbut pam_unix is choking even though pam_krb5 is sufficient. As I saidif I use the RHEL module it works but I need the extra functionalityof your module. Will an older version of your module work possibly?
I am thinking the "sshd: PAM pam_parse: expecting return value;[...suficient]" may be the issue as seen below.
ThanksTC
##Secure log##sshd[28791]: pam_krb5(sshd): pam_sm_authenticate: entry (0x1)sshd[28791]: pam_krb5(sshd): user joe_johnson authenticated asjoe_johnson@EXAMPLE.COMsshd[28791]: pam_krb5(sshd): pam_sm_authenticate: exit (success)sshd[28791]: Failed password for joe_johnson from ::ffff:127.0.0.1port 34431 ssh2sshd[28792]: Connection closed by ::ffff:127.0.0.1
##Messages Log##sshd: PAM pam_parse: expecting return value; [...suficient]sshd(pam_unix)[28825]: authentication failure; logname= uid=0 euid=0tty=ssh ruser= rhost=rhel4test user=joe_johnson
On Thu, Jul 15, 2010 at 2:54 PM, Russ Allbery <rra@stanford.edu> wrote:> Techie <techchavez@gmail.com> writes:>>>> I don't know of any reason why it shouldn't work with sudo, but I don't>>> personally use sudo and don't have any simple way to test. I'd need to>>> see the debug log output to understand exactly what it's doing.>>> You are right Russ, It was my mistake.>> You don't use sudo! What do you use?>> ksu, or probably more accurately, we use Puppet to do all of the regular> configuration management and to ensure services are running, so the small> handful of times when we need root access to debug something, we just ksu> or log in as root.Good to know, I looked at ksu, it has got me interested.>> We do use sudo a few places to grant normal users access to do things like> run specific init scripts, but we always use NOPASSWD for those cases.>> --> Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>>> ________________________________________________> Kerberos mailing list Kerberos@mit.edu> https://mailman.mit.edu/mailman/listinfo/kerberos>
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
