RHN satellite problem!

Nirmal Pathak nirmal.pathak at gmail.com
Thu May 15 09:24:23 UTC 2008


Hi,

I have users in more than one kerberos realm and am having trouble
enabling PAM authentication for all of them.

Users in the default realm can login to Satellite but others cannot.
Here default realm is AMER.EXAMPLE.COM in krb5.conf.

--krb5.conf--
[libdefaults]
default_realm = AMER.EXAMPLE.COM
--krb5.conf--

The syslog error generated when someone not in the default realm tries
to login is shown below.

--logs--
Apr 28 03:43:23 skeeter java: pam_krb5[25429]: authentication fails for
'iejacobp' (iejacobp at AMER.EXAMPLE.COM): User not known to the underlying
authentication module (Client not found in Kerberos database)
--logs--

The user 'iejacobp' is in the EMEA.EXAMPLE.COM realm, but because only
the bare username is passed by satellite to PAM, kerberos tries to use
the default realm to authenticate.

I am using kerberos to authenticate against Active Directory.

Is there a way to specify the realm when logging in?

Thanks & Regards,

Nirmal D Pathak.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I was born free!
No Gates and Windows can restrict my Freedom!!

Enjoy Linux!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



More information about the redhat-list mailing list