heimdal problems
Someone
please at nospam.net
Mon Apr 8 02:17:42 EDT 2002
Rob Frohwein wrote:
> Hi,
>
> I am trying to get heimdal kerberos5 running on FreeBSD 4.5.
> The KDC seems to function, I can obtain a ticket from the kdc.
>
> But the application clients and services like login/logind and
> telnet/telnetd and pam don't seem to function after the heimdal install.
> Has anyone had any success with using heimdal on FreeBSD?
> I can't get the 'official' MIT version because of US export limitations.
>
> I am using FreeBSD STABLE 4.5
>
> There are 3 machines K(dc) S(erver) and C(lient).
> In fact K and S are the same machine.
>
> To install kerberos I did:
> 1 make -DMAKE_KERBEROS5 buildworld (is this necessary?)
> 2 make & install heimdal (/usr/ports/security/heimdal)
>
> 3 On all machines added /etc/krb5.conf
> -----------------------------------
> [libdefaults]
> default_realm = RFKERB
> clockskew = 300
>
> [realms]
> RFKERB = {
> kdc = vhfbsd45-3.frohwein.xs4all.nl.
> }
> [domain_realm]
> frohwein.xs4all.nl = RFKERB
> -----------------------------------
> (vhfbsd45-3 is the name of Kdc/Server)
>
> 4 On K:
> k5admin -l
> kadmin> init RFKERB
> kadmin> add myself
> ...
> kadmin> add --random-key host/vhfbsd45-3.frohwein.xs4all.nl.
> kadmin> ext host/vhfbsd45-3.frohwein.xs4all.nl.
>
> So I added some users + a keytab file for Server role.
>
> 6 On S (==K):
> /etc/pam.conf
> klogin auth required pam_krb5.so try_first_pass
> And commented out the other login lines
>
> 7 On S (==K):
> /etc/inetd.conf
> klogin stream tcp nowait root /usr/libexec/rlogind rlogind -k
>
> 8 From C
> rlogin -k RFKERB -l user1 vhfbsd45-3
> rlogin: illegal option -- k
> This rlogin does not comply with the man page.
> So what has heimdal installed?
>
> When I just do:
> rlogin -l user1 vhfbsd45-3
> I see (ethereal) that a standard (port 513) rlogin request attempt
> is made.
>
> 9 Telnet
> In the manpage about telnetd I see no options for kerberos.
> I tried:
> pam.conf:
> telnetd auth required pam_krb5.so try_first_pass
> inetd.conf normal
>
> Result:
> telnet -l user1 vhfbsd45-3
> A normal SRA login is the result, no kerberos involved.
>
> So I think something is wrong with the heimdal install for
> the applications like telnet and login.
>
> 10
> I go to
> /usr/ports/security/heimdal/work/heimdal-0.4e/appl/telnet
> And use the telnet client there.
> When I do a login attempt I see on K in the logging:
> Apr 7 02:43:59 vhfbsd45-3 login: no modules loaded for `login' service
> Apr 7 02:43:59 vhfbsd45-3 login: pam_open_session: Permission denied
>
>
>
> Because I can acquire a tgt on C and indeed with k5list I can see the
> ticket, I think only the installation of the kdc is ok, the rest fails.
>
>
>
> Thanks for some advice.
>
>
> Rob Frohwein
>
>
Did you install the pam_krb5 PAM module? If not, then I suppose that's
your problem.
Go into /usr/src/lib/libpam/modules/pam_krb5 and run make && make install
Cheers
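
The two conditions raised in this thread (a service with no active entries in pam.conf, as in the "no modules loaded for `login' service" log line, and a referenced module such as pam_krb5.so that is not installed) can be checked with a small script. This is an added example, not part of the original messages; the function name, the module directory argument and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed pam.conf entry format, one per line:
#   service  type  control  module  [args]
# check_pam_service CONF MODDIR SERVICE
# Returns 0 only if SERVICE has an active entry and every module file exists.
check_pam_service() {
    conf=$1; moddir=$2; svc=$3
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    entries=0; missing=0
    while read -r name type control module args; do
        case $name in ''|'#'*) continue ;; esac    # blank or commented out
        [ "$name" = "$svc" ] && [ -n "$module" ] || continue
        entries=$((entries + 1))
        # Relative module names are resolved against MODDIR.
        case $module in /*) path=$module ;; *) path=$moddir/$module ;; esac
        if [ -f "$path" ]; then
            echo "OK $type $path"
        else
            echo "MISSING $type $path"
            missing=$((missing + 1))
        fi
    done < "$conf"
    if [ "$entries" -eq 0 ]; then
        echo "NOENTRY $svc"
        return 1
    fi
    [ "$missing" -eq 0 ]
}

# Demo on constructed input modelled on the configuration in the post.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/lib" && : > "$d/lib/pam_unix.so"     # pam_krb5.so deliberately absent
    cat > "$d/pam.conf" <<'EOF'
# login auth required pam_unix.so try_first_pass
klogin auth required pam_krb5.so try_first_pass
telnetd auth required pam_unix.so try_first_pass
EOF
    for s in login klogin telnetd; do
        check_pam_service "$d/pam.conf" "$d/lib" "$s"
    done
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/pam.conf and the directory where that system keeps its PAM modules; a NOENTRY or MISSING line for a service means PAM has nothing usable to load for it.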