[31125] in Kerberos
Re: Solaris 8 Kerberos / Ldap Client Setup
daemon@ATHENA.MIT.EDU (Matthew.GARRETT@external.total.com)
Fri May 15 04:20:00 2009
In-Reply-To: <4A0C6D55.4040207@anl.gov>
To: kerberos@mit.edu
MIME-Version: 1.0
Message-ID: <OF8FF328DE.3741EAAC-ON802575B7.002C34C5-802575B7.002D916F@total.com>
From: Matthew.GARRETT@external.total.com
Date: Fri, 15 May 2009 09:17:42 +0100
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
"Douglas E. Engert" <deengert@anl.gov> wrote on 14/05/2009 20:13:25:
>
> Matthew.GARRETT@external.total.com wrote:
> > Folks
> >
> > I am trying to set up a Solaris 8 client to talk to Kerberos / Ldap instead
> > of using NIS
> >
> > Ldap works fine, e.g. getent passwd
> > displays the LDAP Password entries
> >
> > Kerberos:
> > Doing a kinit USERNAME, works fine if I am logged on to the console as
> > root user
> > So would seem that /etc/krb/krb5.conf is configured correctly.
> >
> > I have changed /etc/pam.conf to use krb5
> > other password sufficient /usr/lib/security/$ISA/pam_unix.so.1
> > other password required /usr/lib/security/$ISA/pam_krb5.so.1 use_first_pass
> > #
> >
>
Adding debug does not seem to generate any more details.
> Try adding debug as a param on the above line.
>
> > However when I try and login as a normal user /var/adm/authlog shows the
> > following errors
> >
> > May 14 17:20:48 bruce PAM: [ID 702575 auth.debug] pam_start(telnet ) -
> > debug = 1
>
> First of all you should not use telnet, as the password may be sent over
> the network in the clear. Consider using ssh.
Normally we do use ssh, but for testing turned on telnet
in case ssh was causing problems.
> > No account present for user
>
> This says it can not find the account, so there is some issue with
> the user account or the nsswitch.conf finding ldap, or how telnet is
> passing in the username.
>
>
> add debug options to the pam.conf entries.
>
> We don't have any Solaris 8 anymore but when we did, we did not use the
> Sun version of Kerberos or pam_krb5. We have used MIT Kerberos and various
> pam_krb5 modules. (On Solaris 10 the Sun Kerberos, ssh and pam_krb5
> work well.)
>
Now that bit is interesting, maybe Solaris 8 stock version of Kerberos is
broken.
I will download the latest version and see if that makes any difference.
Matt
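Added example (not written by either poster): both pam.conf lines quoted in the thread are "password" entries, and PAM keeps a separate stack per module type, so this small checker reports which stack a service such as telnet actually gets for each type, whether pam_krb5 is in it, and whether "debug" is set on its entries. Only the two "other password" lines in the sample come from the thread; the telnet/other auth and account lines are constructed for illustration, and service names are matched exactly as written.

```python
import os

MODULE_TYPES = ("auth", "account", "session", "password")

# Constructed sample: only the two "other password" lines come from the thread;
# the auth and account lines are assumptions for illustration.
SAMPLE_PAM_CONF = """\
# service  type      control     module                                   options
telnet     auth      required    /usr/lib/security/$ISA/pam_unix.so.1
other      auth      required    /usr/lib/security/$ISA/pam_unix.so.1
other      account   required    /usr/lib/security/$ISA/pam_unix.so.1
other      password  sufficient  /usr/lib/security/$ISA/pam_unix.so.1
other      password  required    /usr/lib/security/$ISA/pam_krb5.so.1 use_first_pass
"""

def parse(conf_text):
    """Yield (service, type, control, module_basename, options) per entry."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        fields = line.split()
        if len(fields) < 4 or fields[1] not in MODULE_TYPES:
            continue                            # malformed entries are skipped here
        service, mtype, control, path = fields[:4]
        yield service, mtype, control, os.path.basename(path), fields[4:]

def effective_stack(conf_text, service, mtype):
    """Entries used for service/type; 'other' applies only if the service has none."""
    entries = [e for e in parse(conf_text) if e[1] == mtype]
    own = [e for e in entries if e[0] == service]
    return own or [e for e in entries if e[0] == "other"]

def audit(conf_text, service):
    """Per module type: source service, modules, krb5 present, debug on every entry."""
    report = {}
    for mtype in MODULE_TYPES:
        stack = effective_stack(conf_text, service, mtype)
        report[mtype] = {
            "from": stack[0][0] if stack else None,
            "modules": [e[3] for e in stack],
            "krb5": any(e[3].startswith("pam_krb5") for e in stack),
            "debug": bool(stack) and all("debug" in e[4] for e in stack),
        }
    return report

if __name__ == "__main__":
    for mtype, info in audit(SAMPLE_PAM_CONF, "telnet").items():
        print(f"{mtype:9} {info}")
```

Run it against a copy of the real /etc/pam.conf by passing the file's text to audit() together with the service name that appears in the pam_start() log line.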