[31203] in Kerberos
Re: Solaris 8 Kerberos / Ldap Client Setup
daemon@ATHENA.MIT.EDU (Matthew.GARRETT@external.total.com)
Mon Jun 1 10:33:26 2009
In-Reply-To: <4A0D791D.40400@anl.gov>
To: kerberos@mit.edu
MIME-Version: 1.0
Message-ID: <OFEF2CDC76.7F5EB914-ON802575C8.004EBC1D-802575C8.004F7B64@total.com>
From: Matthew.GARRETT@external.total.com
Date: Mon, 1 Jun 2009 15:28:09 +0100
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Folks
I am still getting problems with Kerberos on Sun Solaris 8
So far I have installed http://www.eyrie.org/~eagle/software/pam-krb5/ Pam
module
With /etc/pam.conf set to debug mode I get the following
Jun 1 15:17:10 bruce login: [ID 305314 auth.debug] load_modules:
/usr/lib/security/pam_unix.so.1
Jun 1 15:17:10 bruce login: [ID 265225 auth.debug] load_function:
successful load of pam_sm_authenticate
Jun 1 15:17:10 bruce login: [ID 305314 auth.debug] load_modules:
/usr/local/lib/security/pam_krb5.so.1
Jun 1 15:17:10 bruce login: [ID 265225 auth.debug] load_function:
successful load of pam_sm_authenticate
Jun 1 15:17:14 bruce login: [ID 859314 auth.debug] pam_set_item(2)
Jun 1 15:17:19 bruce login: [ID 859314 auth.debug] pam_set_item(6)
Jun 1 15:17:19 bruce login: [ID 427203 auth.debug] pam_authenticate:
error Authentication failed
Jun 1 15:17:19 bruce login: [ID 584047 auth.debug] (pam_krb5): none:
pam_sm_authenticate: entry (0x0)
Jun 1 15:17:19 bruce login: [ID 584047 auth.debug] (pam_krb5): mgarrett:
attempting authentication as mgarrett@UK.AD.EP.CORP.LOCAL
Jun 1 15:17:19 bruce login: [ID 859314 auth.debug] pam_set_item(2)
Jun 1 15:17:19 bruce login: [ID 584047 auth.debug] (pam_krb5): mgarrett:
pam_sm_authenticate: exit (success)
Jun 1 15:17:19 bruce login: [ID 859314 auth.debug] pam_set_item(6)
Jun 1 15:17:23 bruce login: [ID 859314 auth.debug] pam_set_item(2)
Jun 1 15:17:23 bruce login: [ID 859314 auth.debug] pam_set_item(8)
Jun 1 15:17:23 bruce login: [ID 859314 auth.debug] pam_set_item(9)
Which I belive is say Password was correct and should be able to login ?
However I do not get a login prompt.
As root doing a su - mgarrett
I get the following
Jun 1 15:25:52 bruce su: [ID 366847 auth.info] 'su mgarrett' succeeded
for root on /dev/pts/1
Jun 1 15:25:52 bruce su[4524]: [ID 942022 auth.debug] pam_setcred()
Jun 1 15:25:52 bruce su[4524]: [ID 305314 auth.debug] load_modules:
/usr/lib/security/pam_unix.so.1
Jun 1 15:25:52 bruce su[4524]: [ID 265225 auth.debug] load_function:
successful load of pam_sm_setcred
Jun 1 15:25:52 bruce su[4524]: [ID 305314 auth.debug] load_modules:
/usr/local/lib/security/pam_krb5.so.1
Jun 1 15:25:52 bruce su[4524]: [ID 265225 auth.debug] load_function:
successful load of pam_sm_setcred
Jun 1 15:25:52 bruce su[4524]: [ID 584047 auth.debug] (pam_krb5): none:
pam_sm_setcred: entry (0x1)
Jun 1 15:25:52 bruce su[4524]: [ID 584047 auth.debug] (pam_krb5): none:
no context found, creating one
Jun 1 15:25:52 bruce su[4524]: [ID 584047 auth.debug] (pam_krb5):
mgarrett: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
Jun 1 15:25:52 bruce su[4524]: [ID 584047 auth.debug] (pam_krb5): none:
pam_sm_setcred: exit (ignore)
Jun 1 15:25:52 bruce su[4524]: [ID 690057 auth.debug] pam_end(): status =
Success
Can any body shed any further light on this problem.
Thanks
Matthew
Registered in England and Wales No.811900 Registered Office 33 Cavendish Square, London W1G 0PWThis e-mail and any attachments are intended only for the person or entityto whom it is addressed and may contain confidential or privilegedinformation. If you are not the addressee, any disclosure, reproduction,copying, distribution, or use of this communication is strictly prohibited.If you are not the intended recipient or person responsible for deliveringthis message to the named addressee, please notify us immediately and deletethis e-mail.It is the responsibility of the addressee to scan this email and anyattachments for computer viruses or other defects. The sender does notaccept liability for any loss or damage of any nature, however caused,which may result directly or indirectly from this email or any file attached.________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
