[32523] in Kerberos
Re: pam_krb5 questions
daemon@ATHENA.MIT.EDU (Techie)
Sun Jul 18 23:04:18 2010
MIME-Version: 1.0
In-Reply-To: <874ofwuqjf.fsf@windlord.stanford.edu>
Date: Sun, 18 Jul 2010 20:04:14 -0700
Message-ID: <AANLkTiknLWDei7Bl_GKnbMjsVf5JUAQcFjQVQY4UqcTK@mail.gmail.com>
From: Techie <techchavez@gmail.com>
To: Russ Allbery <rra@stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Sun, Jul 18, 2010 at 7:57 PM, Russ Allbery <rra@stanford.edu> wrote:> Techie <techchavez@gmail.com> writes:>>> I have your pam_krb5 module working with RHEL5 but I am having issues on>> RHEL4. When I replace the RHEL pam_krb5 with the eyrie module I can't>> log in. It looks like the pam_krb5 is indeed aurthenticating me though>> as seen below, well it says authenticated as the krb user. I am using>> the newest module or 4.3. Looks like pam_krb5 is authenticating but>> pam_unix is choking even though pam_krb5 is sufficient. As I said if I>> use the RHEL module it works but I need the extra functionality of your>> module. Will an older version of your module work possibly?>> All versions of the module should work fine on RHEL4. We've been using it> on RHEL4 since version 2.0, up to and including 4.3.>> Could you provide the PAM configuration that's being used for ssh? This> part:>>> sshd: PAM pam_parse: expecting return value; [...suficient]>> sshd(pam_unix)[28825]: authentication failure; logname= uid=0 euid=0>> tty=ssh ruser= rhost=rhel4test user=joe_johnson>> looks like you have a syntax error in your PAM configuration, which will> cause all authentications to fail.Russ, I apologize, too many hours this weekend you are again correct.If you look at my message above I misspelled sufficient in the authstack. Quite embarrassing, I spent 3 hours on this too.. As soon as Ifixed that it works fine.Thanks for the quick response and the heads up on ksu by the way.
TC>> Also try adding debug to the PAM options for pam_krb5 and pam_unix> everywhere they're run and then look in your syslog for the additional> debugging output.>> --> Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>>
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
