[35850] in Kerberos
Re: Debugging Suse krb pam for ssh session?
daemon@ATHENA.MIT.EDU (Robert Wehn)
Wed Mar 12 04:32:11 2014
Message-ID: <53201B79.5020106@rz.uni-augsburg.de>
Date: Wed, 12 Mar 2014 09:31:53 +0100
From: Robert Wehn <robert.wehn@rz.uni-augsburg.de>
MIME-Version: 1.0
To: =?UTF-8?B?0L7Qu9GM0LPQsCDQutGA0YvQttCw0L3QvtCy0YHQutCw0Y8=?=
<olga.kryzhanovska@gmail.com>
In-Reply-To: <CA+OH3v3BBtk9hyP8d+K1eHdKhW6KjHNYJgOPA+eEyq-KeKEH5Q@mail.gmail.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Am 12.03.2014 02:30, schrieb ольга крыжановская:
> Does anyone know how I can debug kerberos pam on Linux? We have a new
> krb5 server running on stock Suse 11.3 on which a user test001 is
> configured. Logging in into that local account works on the server and
> gives automagic a krb5 ticket.
I'm not sure how pam is configured in Suse Linux.
In Debian/Ubuntu i would look into
/etc/pam.d/auth-common (or the other auth modules there)
to see which modules are used and "requisite" "sufficient" "optional" ...
Maybe its all in one file like /etc/pam.conf in Suse ...
"man pam.conf" for the details.
What do you plan to do:
- Lock in with a local account and get a kerberos ticket in addition
(for the local user)
- have a password only in kerberos *or* locally on the machine
> However, on the client machine, which runs Suse 12.3, which uses the
> server as kdc, I do not get a krb5 ticket automagically if I ssh into
> it, while a later kinit gives me the desired ticket.
please provide the pam config files of server and client.
Robert.
--
Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de
Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047
86135 Augsburg .................................. Fax. (0821) 598-2028
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
