[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: strange errors from pam-krb5



The other systems are OpenSSH but may be a little older...  The problem
you speak of, Does it allow access just not create the ticket cache?
You can get into the system and after you are in, can manually run
kinit and get your TGT and the system creates the ticket cache as it
should... I know one difference in the builds is that the new build
of SSH has tcpwrapper support and the old does not.. One of the reasons
for the update... is to build in a little more protection...

See-ya
Mitch


At 12:40 PM 11/28/2001 -0600, Steve Langasek wrote:
Hi Mitch,

On Wed, Nov 28, 2001 at 01:25:08PM -0500, Mitchell Baker wrote:
> Background:

> Solaris 8 system which has had Titan run on it.  Using the pam-krb5
> module from Sourceforge.  Will authenticate but will not create ticket
> cache.. Get this following error in the logs:

> Nov 27 16:46:51 SYSTEM sshd[644]: [ID 551190 auth.debug] pam_krb5:
> pam_sm_authenticate(sshd USERNAME): entry:
> Nov 27 16:46:51 SYSTEM sshd[644]: [ID 551190 auth.debug] pam_krb5:
> pam_sm_authenticate(sshd USERNAME): exit: success
> Nov 27 16:46:51 SYSTEM sshd[644]: [ID 800047 auth.debug] debug1: PAM
> Password authentication accepted for user "USERNAME"

> Any ideas?  This is working on other system we have. The main diff is
> Titan was not run on them...

Hmm, are you using the same ssh server (vendor & version) on both
machines?  I have personally had no problems using password
authentication with pam_krb5 in OpenSSH, although there's a known issue
where OpenSSH compiled with PAM support will not allow RSA
authentication when configured to use this pam_krb5 module, because
OpenSSH incorrectly treats an error code from pam_setcred() as fatal
when it should not be.

Regards,
Steve Langasek
postmodern programmer

/####################################################################/ /# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/ /# Sr. Systems Admin Rose-Hulman Institute of Technology #/ /# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/ /# For PGP Public key, check out www.keyserver.net #/ /####################################################################/





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []