
PAM, Listfile, Kerberos, and Login woes



Hey,

I have configured PAM for a system to allow people in a file in /etc/ to
log in. This is similar to the realm kit configuration for those of you
who are at NCSU and use realm linux (it's actually a copy of the file
referred to by pam_stack.so). Everything as far as allowing logins to
users works fine; anyone in my file in /etc/ can log in. The root user
can also log in. After a user that is disallowed from the system (not in
my listfile but is a valid Kerberos user) attempts to log in and gets
denied, a different valid new user cannot log in until the login program
times out and restarts. I am baffled as to why this is happening.

The following are the contents of /etc/pam.d/login and the output from
/var/log/auth.log

auth        sufficient    pam_unix.so likeauth nullok debug
auth        required      pam_krb5.so use_first_pass debug
auth        required      pam_listfile.so item=user sense=allow file=/etc/users.local
account     sufficient    pam_unix.so debug
account     required      pam_deny.so debug
password    sufficient    pam_unix.so nullok use_authtok md5 shadow debug
password    sufficient    pam_krb5.so use_authtok debug
password    required      pam_deny.so debug
session     required      pam_limits.so debug
session     required      pam_unix.so debug
session     optional      pam_krb5.so debug

====
LOG
====
***THIS IS A VALID KERBEROS USER ATTEMPTING LOGIN ****
***THEY ARE NOT IN THE /etc/users.local file *********
Dec  8 15:47:25 fisher PAM_unix[21966]: authentication failure; root(uid=0) -> mppetrov for login service
Dec  8 15:47:25 fisher login[21966]: pam_krb5: pam_sm_authenticate(login mppetrov): entry:
Dec  8 15:47:25 fisher login[21966]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): No such file or directory
Dec  8 15:47:25 fisher login[21966]: pam_krb5: pam_sm_authenticate(login mppetrov): exit: success
Dec  8 15:47:25 fisher login[21966]: PAM-listfile: Refused user mppetrov for service login
Dec  8 15:47:28 fisher login[21966]: FAILED LOGIN (1) on `pts/3' FOR `mppetrov', Authentication failure

**** HERE IS THE ATTEMPT DIRECTLY AFTERWARDS TO TRY TO ALLOW ****
**** A VALID USER IN ALL ASPECTS TO LOGIN, HE CAN LOGIN NORMALLY ****
**** IF HE GOES FIRST						*****
Dec  8 15:47:35 fisher PAM_unix[21966]: authentication failure; root(uid=0) -> waparris for login service
Dec  8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): entry:
Dec  8 15:47:35 fisher login[21966]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): No such file or directory
Dec  8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): pam_get_data(): ccache data already present
Dec  8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): exit: failure
Dec  8 15:47:37 fisher login[21966]: FAILED LOGIN (2) on `pts/3' FOR `waparris', Authentication failure

Any input is welcome here, as I am out of ideas.

Cheers,
-- 
Adam Parrish
Asst. Linux Administrator
ECE Dept, North Carolina State University
Office: 919.515.0124
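
A log check for the pattern visible in the excerpt above, added here as an example and not part of the original message: it flags a process ID in which pam_krb5 accepted one user and later reported "ccache data already present" while authenticating a different user. The function name and regular expression are assumptions; the sample lines are pam_krb5 entries taken from the post with the mail wrapping rejoined.

```python
import re
from collections import defaultdict

# Excerpt of the log lines from the post above, mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Dec  8 15:47:25 fisher login[21966]: pam_krb5: pam_sm_authenticate(login mppetrov): entry:
Dec  8 15:47:25 fisher login[21966]: pam_krb5: pam_sm_authenticate(login mppetrov): exit: success
Dec  8 15:47:25 fisher login[21966]: PAM-listfile: Refused user mppetrov for service login
Dec  8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): entry:
Dec  8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): pam_get_data(): ccache data already present
Dec  8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): exit: failure
"""

# Shape: <date> <host> <proc>[<pid>]: pam_krb5: pam_sm_authenticate(<service> <user>): <msg>
KRB5_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s\S+\[(?P<pid>\d+)\]:\s"
    r"pam_krb5: pam_sm_authenticate\((?P<service>\S+) (?P<user>[^)]+)\):\s(?P<msg>.*)$"
)


def find_stale_ccache_failures(log_text):
    """Return (pid, earlier_user, blocked_user) for each process in which
    pam_krb5 succeeded for one user and later reported existing ccache data
    while authenticating a different user."""
    succeeded = defaultdict(list)  # pid -> users pam_krb5 has accepted so far
    findings = []
    for line in log_text.splitlines():
        m = KRB5_RE.match(line)
        if not m:
            continue  # lines from other modules are ignored
        pid, user, msg = m["pid"], m["user"], m["msg"]
        if msg.startswith("exit: success"):
            succeeded[pid].append(user)
        elif "ccache data already present" in msg:
            earlier = [u for u in succeeded[pid] if u != user]
            if earlier:
                findings.append((pid, earlier[-1], user))
    return findings


if __name__ == "__main__":
    for pid, earlier, blocked in find_stale_ccache_failures(SAMPLE_LOG):
        print(f"login[{pid}]: pam_krb5 accepted {earlier}, "
              f"then found existing ccache data for {blocked}")
```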



