[31678] in Kerberos
Re: Problem using Kerberos for user authentication
daemon@ATHENA.MIT.EDU (Javier Palacios)
Wed Nov 11 10:47:50 2009
MIME-Version: 1.0
In-Reply-To: <1257932764.3112.444.camel@localhost>
Date: Wed, 11 Nov 2009 16:46:54 +0100
Message-ID: <a64bf030911110746k5fe5b8b6g9d775b1768a92221@mail.gmail.com>
From: Javier Palacios <javiplx@gmail.com>
To: Braden McDaniel <braden@endoframe.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
> I'm trying to get off the ground setting up Kerberos on a Fedora 11 box.
> I've attempted to follow the instructions here:
> http://aput.net/~jheiss/krbldap/howto.html
That is a pretty old howto (probably older than fedora).
> I've tried both changing the password field for the user in /etc/shadow
> to "*K*" (as mentioned in the howto) and removing the user's entry
> in /etc/shadow altogether--in both cases login fails.
The '*K*' thing is probably innacurate. I've never used, and had
success in debian, fedora and RHEL. And removing the user entry in
/etc/shadow (without changes in /etc/passwd) should produce a
non-usable account, either with kerberos or whichever auth method.
> Any ideas what the problem might be? Or where else I should be looking
> to find out?
Just in case, you need to be able to `kinit username` (without the /admin).
And for the pam_krb5 lines on system-auth, you can add 'debug' and
will get some extra info on syslog.
And following the question from Ryan, I recommend you to check first
with console, then with ssh and finally with any window based login.
Javier Palacios
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
