[31676] in Kerberos

home help back first fref pref prev next nref lref last post

Problem using Kerberos for user authentication

daemon@ATHENA.MIT.EDU (Braden McDaniel)
Wed Nov 11 04:46:57 2009

From: Braden McDaniel <braden@endoframe.com>
To: kerberos@mit.edu
Date: Wed, 11 Nov 2009 04:46:04 -0500
Message-Id: <1257932764.3112.444.camel@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

I'm trying to get off the ground setting up Kerberos on a Fedora 11 box.
I've attempted to follow the instructions here:

        http://aput.net/~jheiss/krbldap/howto.html

"kinit username/admin" appears to work.  But I can't get system logins
to work.  I've used the authconfig-tui utility to enable Kerberos for
authentication; /etc/pam.d/system-auth looks like this:

        #%PAM-1.0
        # This file is auto-generated.
        # User changes will be destroyed the next time authconfig is run.
        auth        required      pam_env.so
        auth        sufficient    pam_unix.so nullok try_first_pass
        auth        requisite     pam_succeed_if.so uid >= 500 quiet
        auth        sufficient    pam_krb5.so use_first_pass
        auth        required      pam_deny.so
        
        account     required      pam_unix.so broken_shadow
        account     sufficient    pam_localuser.so
        account     sufficient    pam_succeed_if.so uid < 500 quiet
        account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
        account     required      pam_permit.so
        
        password    requisite     pam_cracklib.so try_first_pass retry=3
        password    sufficient    pam_unix.so md5 shadow nis nullok try_first_pass use_authtok
        password    sufficient    pam_krb5.so use_authtok
        password    required      pam_deny.so
        
        session     optional      pam_keyinit.so revoke
        session     required      pam_limits.so
        session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
        session     required      pam_unix.so
        session     optional      pam_krb5.so

I've tried both changing the password field for the user in /etc/shadow
to "*K*" (as mentioned in the howto) and removing the user's entry
in /etc/shadow altogether--in both cases login fails.

Any ideas what the problem might be? Or where else I should be looking
to find out?

-- 
Braden McDaniel <braden@endoframe.com>

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post