[35967] in Kerberos
Re: error: PAM: User account has expired for wlin from
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Tue Apr 1 04:59:11 2014
Message-ID: <533A7FD3.1050509@2e-systems.com>
Date: Tue, 01 Apr 2014 10:58:59 +0200
From: "Predrag Zecevic [Unix Systems Administrator]"
<Predrag.Zecevic@2e-systems.com>
To: Wendy Lin <wendlin1974@gmail.com>
In-Reply-To: <CA+j=ERrontQA5N0LS8GTkcFfeU2XnYF5QsB7fW5gmc4GoVpawA@mail.gmail.com>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Reply-To: Predrag.Zecevic@2e-systems.com
On 04/ 1/14 10:54 AM, Wendy Lin wrote:
> On 1 April 2014 10:29, Predrag Zecevic [Unix Systems Administrator]
> <Predrag.Zecevic@2e-systems.com> wrote:
>> On 04/ 1/14 10:16 AM, Wendy Lin wrote:
>>> On 18 March 2014 22:11, Wendy Lin <wendlin1974@gmail.com> wrote:
>>>> Can anyone explain this pam error to me? I have configured a machine
>>>> (192.168.2.105) as Kerberos5 client on Suse 12.3 via yast talking to
>>>> the kdc at 192.168.2.98 and now get this error on the client if I try
>>>> to log in via ssh:
>>>>
>>>> 2014-03-18T22:04:20.877103+01:00 susevm001 sshd[2567]: error: PAM:
>>>> User account has expired for wlin from hongkong.test.org
>>>> 2014-03-18T22:04:20.879799+01:00 susevm001 sshd[2567]: Connection
>>>> closed by 192.168.2.98 [preauth]
>>>> 2014-03-18T22:04:29.760068+01:00 susevm001 sshd[2571]: error: PAM:
>>>> User account has expired for wlin from nexentapuzzle.nrubsig.org
>>>
>>> Anyone?
>>>
>>> Wendy
>> Hi Wendy,
>>
>> I would check if the user account is not locked or if it has a valid, not expired password on the system (/etc/shadow)
>
> I already did, and the Unix account itself is fine. The problem
> started when I added the Kerberos5 auth to the mix
>
> Wendy
>
Hi,
So, then I would double-check the ssh configuration (whether it includes GSSAPI directives), first on the client side and then on the server.
Also, set debug on and check the corresponding log files:
a) sshd_config: "LogLevel DEBUG"
b) /etc/krb5.conf (or specific location):
   [appdefaults]
       pam = {
           debug = false
           ...
I wish you luck.
Regards.
--
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH
Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile: +49 174 3109 288, Skype: predrag.zecevic
E-mail: predrag.zecevic@2e-systems.com
Headquarter: 2e Systems GmbH, Königsteiner Str. 87,
65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director: Phil Douglas
http://www.2e-systems.com/ - Making your business fly!
[***]===---
I did this 'cause Linux gives me a woody. It doesn't generate revenue. -- Dave '-ddt->` Taylor, announcing DOOM for Linux
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
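
An added example, not part of the original message: a shell script that reports the current values of the settings the reply says to check (sshd LogLevel, GSSAPI-related directives, and the pam debug flag under [appdefaults] in krb5.conf). The function names and the sample file contents are constructed for illustration; UsePAM, GSSAPIAuthentication and GSSAPICleanupCredentials are standard sshd_config keywords picked here as the ones to inspect.

```shell
# Added example; the file contents below are constructed samples.
# First global value of an sshd_config keyword (keywords are case-insensitive,
# first occurrence wins). Simplification: reading stops at the first Match block.
ssh_opt() {  # usage: ssh_opt FILE KEYWORD
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2; found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# Value of "debug" inside the pam = { ... } block of [appdefaults].
krb5_pam_debug() {  # usage: krb5_pam_debug FILE
    awk '
        /^[ \t]*\[/ { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); inpam = 0; next }
        sect == "appdefaults" && /^[ \t]*pam[ \t]*=[ \t]*[{]/ { inpam = 1; next }
        inpam && /[}]/ { inpam = 0; next }
        inpam && /^[ \t]*debug[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            print v; found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

audit() {  # usage: audit SSHD_CONFIG KRB5_CONF
    for k in LogLevel UsePAM GSSAPIAuthentication GSSAPICleanupCredentials; do
        echo "sshd_config $k: $(ssh_opt "$1" "$k")"
    done
    echo "krb5.conf [appdefaults] pam debug: $(krb5_pam_debug "$2")"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_config" <<'EOF'
# constructed sample
UsePAM yes
loglevel INFO
GSSAPIAuthentication yes
Match User wlin
    GSSAPIAuthentication no
EOF
cat > "$tmp/krb5.conf" <<'EOF'
[appdefaults]
    pam = {
        debug = false
    }
EOF
audit "$tmp/sshd_config" "$tmp/krb5.conf"
```

On a real host, call `audit` with the actual sshd_config and krb5.conf paths; settings placed inside Match blocks are not reported.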