[31601] in Kerberos
pam_krb5 3.15 (No credentials cache file found while setting cache
daemon@ATHENA.MIT.EDU (CT)
Mon Oct 19 19:38:11 2009
MIME-Version: 1.0
Date: Mon, 19 Oct 2009 16:35:54 -0700
Message-ID: <dc9bb4ce0910191635u7b681d80r99842868a16f8296@mail.gmail.com>
From: CT <caltri@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I've just compiled pam_krb5 using Russ's version 3.15 with MIT krb5
1.7. Client is Solaris 8 and kerberos is setup to authenticate to
Windows Active Directory. The issue is that the credentials cache
file never gets created in /tmp after login. it accepts the password
but I'm getting the message below when I do a klist
klist: No credentials cache file found while setting cache flags
(ticket cache /tmp/krb5cc_1256_7Ia4n0)
Does anyone know what the problem is and how to resolve this ?
Using kinit is fine.
Here's the contents of /etc/pam.conf
# more /etc/pam.conf
#
# ident "@(#)pam.conf 1.19 03/01/10 SMI"
#
# Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_krb5.so use_first_pass
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
# su (explicit to provide failsafe root access during testing
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth sufficient pam_krb5.so use_first_pass
rlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_krb5.so use_first_pass forwardable
other auth required pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_projects.so.1
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_projects.so.1
other account sufficient pam_krb5.so
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session optional pam_krb5.so debug
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional pam_krb5.so.1 try_first_pass
#login auth optional pam_krb5.so.1 try_first_pass
#other auth optional pam_krb5.so.1 try_first_pass
#cron account optional pam_krb5.so.1
#other account optional pam_krb5.so.1
#other session optional pam_krb5.so.1
#other password optional pam_krb5.so.1 try_first_pass
Thanks!
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
