
Re: strange errors from pam-krb5



Nico...

I'm using the latest version from Openssh from the openssh site... Unzip,
configure and make...  My configure line just adds in support for
pam install local dir and that is about it...  Pretty simple configuration
and install.

Yes it is an interactive login.. The log shows it setting up the pty.
I gain access.. the only thing that is not happening is the credential cache
is not being saved to disk...  It is authenticating to the KDC I can see that
in the KDC logs....

The differences in the systems:

Authenticating and setting up credential cache
Solaris 8
Openssh 2.5.2p2 (one reason I'm trying to get the latest installed )
MIT KRB5 1.2.2

Authenticating but NOT setting up credential cache
Solaris 8
OpenSSH_3.0.1p1
MIT KRB5 1.2.2


The pam.conf is the same on both and so is the sshd_config


I do have the debug option on with pam_krb5. Here is more of the logs,
with logout...


Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): entry:
Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): exit: success
Nov 29 08:04:26 system sshd[880]: [ID 800047 auth.info] Accepted password for mdbaker from xxx.xxx.xxx.xxx port 35740 ssh2
Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
Nov 29 08:04:26 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug] pam_sm_setcred(): no module data
Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Permission denied


When I turn on DEBUG for SSH you can also see the pty getting setup...


Thanks


See-ya
Mitch

At 03:10 PM 11/28/2001 -0500, you wrote:
Are you by any chance using an openssh kludged not to call pam_setcred
or something of the sort?

Are you doing an interactive login (i.e., with a pty/tty)?

Did you add the 'debug' to the pam_krb5 config lines?

Nico


On Wed, Nov 28, 2001 at 01:25:08PM -0500, Mitchell Baker wrote:
> Background:
>
> Solaris 8 system which has had Titan run on it. Using the pam-krb5
> module from Sourceforge. Will authenticate but will not create ticket
> cache.. Get this following error in the logs:
>
> Nov 27 16:46:51 SYSTEM sshd[644]: [ID 551190 auth.debug] pam_krb5:
> pam_sm_authenticate(sshd USERNAME): entry:
> Nov 27 16:46:51 SYSTEM sshd[644]: [ID 551190 auth.debug] pam_krb5:
> pam_sm_authenticate(sshd USERNAME): exit: success
> Nov 27 16:46:51 SYSTEM sshd[644]: [ID 800047 auth.debug] debug1: PAM
> Password authentication accepted for user "USERNAME"
>
> Any ideas? This is working on other system we have. The main diff is
> Titan was not run on them...
>
> Thanks..
>
> See-ya
> Mitch
>
>
> /####################################################################/
> /# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/
> /# Sr. Systems Admin Rose-Hulman Institute of Technology #/
> /# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/
> /# For PGP Public key, check out www.keyserver.net #/
> /####################################################################/
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
--





/####################################################################/
/# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/
/# Sr. Systems Admin Rose-Hulman Institute of Technology #/
/# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/
/# For PGP Public key, check out www.keyserver.net #/
/####################################################################/
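
Added example, not part of the original message or of pam-krb5: a small triage script that groups pam_krb5 debug lines in the format quoted above by sshd PID and user, records how each PAM stage exited, and flags sessions where pam_sm_authenticate succeeded but pam_sm_setcred failed. The sshd[881] lines and the user "alice" are constructed for contrast; the function names are this example's own.

```python
import re
from collections import defaultdict

# The sshd[880] lines are the pam_krb5 debug lines quoted in the message;
# the sshd[881] lines are constructed for contrast (user "alice" is made up).
SAMPLE_LOG = """\
Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug] pam_sm_setcred(): no module data
Nov 29 08:10:02 system sshd[881]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd alice): exit: success
Nov 29 08:10:02 system sshd[881]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd alice): exit: success
"""

# Matches only lines emitted by pam_krb5 itself; other PAM lines are skipped.
LINE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: \[ID \d+ \S+\] pam_krb5: "
    r"(?P<stage>pam_sm_\w+)\(sshd (?P<user>\S+)\): (?P<msg>.*)$"
)

def pam_stage_results(log_text):
    """Return {(pid, user): {stage: {"result": str|None, "detail": [str]}}}."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        stage = sessions[(m["pid"], m["user"])].setdefault(
            m["stage"], {"result": None, "detail": []})
        msg = m["msg"].strip()
        if msg.startswith("exit:"):
            stage["result"] = msg.split(":", 1)[1].strip()
        elif not msg.startswith("entry:"):
            stage["detail"].append(msg)  # e.g. the failing syscall and errno text
    return dict(sessions)

def auth_ok_but_setcred_failed(log_text):
    """List (pid, user, detail) for sessions that authenticated but failed setcred."""
    hits = []
    for (pid, user), stages in pam_stage_results(log_text).items():
        auth = stages.get("pam_sm_authenticate", {}).get("result")
        cred = stages.get("pam_sm_setcred", {})
        if auth == "success" and cred.get("result") == "failure":
            hits.append((pid, user, cred["detail"]))
    return hits
```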




