[39432] in Kerberos


Re: Error - sudo: account validation failure, is your account locked?

daemon@ATHENA.MIT.EDU (Dan Mahoney)
Wed Jun 5 01:06:23 2024

Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
From: Dan Mahoney <danm@prime.gushi.org>
In-Reply-To: <CAJDiwpVyCL_yhoib8AHSCA3bbAi91tU6pVcDrUsw+ndAykfD+Q@mail.gmail.com>
Date: Wed, 5 Jun 2024 01:04:30 -0400
Cc: kerberos@mit.edu
Message-Id: <F5A20ECF-B175-4265-9041-88BE3F640696@prime.gushi.org>
To: hareesh kumar <hareeshkumarperugupalli@gmail.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit



> On May 29, 2024, at 08:21, hareesh kumar <hareeshkumarperugupalli@gmail.com> wrote:
> 
> Hi Team
> 
> I am upgrading Kerberos to the latest version 1.21.2 from version 1.18 using a
> Docker file.
> Basically I am installing Kerberos from the community page, unzipping it and
> using it in our application.
> 
> After I installed Kerberos and added a new user named kdcuser, gave it all
> the root access in the Docker file, and when I try to create a new
> directory krb5kdc in the /etc directory, I am getting this error message:
> "sudo: account validation failure, is your account locked?
> sudo: a password is required".
> 
> Kindly help me out with this issue.
> Here are the Docker file steps I am using:
> ENV PATH=/usr/local/go/bin:/usr/local/bin:$PATH \
> LANG=C.UTF-8 \
> DEBIAN_FRONTEND=noninteractive
> ENV KRB5_KDC_PROFILE=/etc/krb5kdc/kdc.conf
> 
> # Setting up variable for Kerberos version
> ARG KERBEROS_VERSION=1.21.2
> ARG GO_VERSION=1.19.1
> 
> # Download and Install Openssl and OpenSSL FIPS Component
> RUN set -ex \
> && apt-get update -y \
> && apt-get -y install curl perl build-essential bison flex libssl-dev xinetd sudo supervisor iputils-ping vim wget git file \
> && mkdir -p /usr/local/src/ \
> && cd /usr/local/src/ \
> && curl -O https://kerberos.org/dist/krb5/1.21/krb5-1.21.2.tar.gz \
> && wget https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz \
> && file krb5-1.21.2.tar.gz \
> #&& gunzip krb5-1.21.2.tar.gz \
> && mkdir -p /var/lib/krb5kdc \
> && mkdir -p /etc/krb5kdc \
> && tar -xvf krb5-1.21.2.tar.gz \
> && tar -xzf go${GO_VERSION}.linux-amd64.tar.gz -C /usr/local/ \
> && cd krb5-${KERBEROS_VERSION}/src \
> && ./configure --with-crypto-impl=openssl --with-prng-alg=os --localstatedir=/var/lib/ \
> && LDFLAGS="-L/usr/local/lib64" CPPFLAGS="-I/usr/local/include" ./configure --with-crypto-impl=openssl --with-prng-alg=os --localstatedir=/var/lib/ \
> && make \
> && make install \
> && apt-get remove -y build-essential bison flex mailutils-common \
> && apt-get remove -y --purge mysql\* \
> && apt-get autoclean \
> && apt-get clean
> 
> RUN adduser --disabled-password --gecos '' kdcuser
> RUN echo '%sudo ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
> RUN echo "kdcuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
> RUN adduser kdcuser sudo
> RUN addgroup kdcuser tty
> RUN usermod -G root kdcuser
> 
> USER kdcuser
> 
> # Creating dir to store Go bin and KRB5 Config files
> RUN sudo mkdir -p /opt/ibm/go \
> && sudo mkdir -p /etc/krb5kdc

This doesn’t sound like a Kerberos question; this sounds entirely like a problem with sudo, unless your sudo auth inside Docker is somehow configured to work against Kerberos. Is it?

-Dan