[32522] in Kerberos
Re: pam_krb5 questions
daemon@ATHENA.MIT.EDU (Russ Allbery)
Sun Jul 18 22:57:44 2010
From: Russ Allbery <rra@stanford.edu>
To: Techie <techchavez@gmail.com>
In-Reply-To: <AANLkTil4s2ogrYBt83MChcQS7He7Og3ME0Ce0zDVVVow@mail.gmail.com>
(Techie's message of "Sun, 18 Jul 2010 19:36:51 -0700")
Date: Sun, 18 Jul 2010 19:57:40 -0700
Message-ID: <874ofwuqjf.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Techie <techchavez@gmail.com> writes:
> I have your pam_krb5 module working with RHEL5 but I am having issues on
> RHEL4. When I replace the RHEL pam_krb5 with the eyrie module I can't
> log in. It looks like the pam_krb5 is indeed aurthenticating me though
> as seen below, well it says authenticated as the krb user. I am using
> the newest module or 4.3. Looks like pam_krb5 is authenticating but
> pam_unix is choking even though pam_krb5 is sufficient. As I said if I
> use the RHEL module it works but I need the extra functionality of your
> module. Will an older version of your module work possibly?
All versions of the module should work fine on RHEL4. We've been using it
on RHEL4 since version 2.0, up to and including 4.3.
Could you provide the PAM configuration that's being used for ssh? This
part:
> sshd: PAM pam_parse: expecting return value; [...suficient]
> sshd(pam_unix)[28825]: authentication failure; logname= uid=0 euid=0
> tty=ssh ruser= rhost=rhel4test user=joe_johnson
looks like you have a syntax error in your PAM configuration, which will
cause all authentications to fail.
Also try adding debug to the PAM options for pam_krb5 and pam_unix
everywhere they're run and then look in your syslog for the additional
debugging output.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
