FYI: Sun Patch breaks Solaris PAM with krb5 enabled

M Glogowski matthewg_NOSPAM at acuarc.com
Fri Apr 26 10:00:34 EDT 2002


i downloaded the sun patch cluster for solaris 8 and after
installatiopn/reboot i could not login to the system.

the following patch from the April 19th patch cluster breaks kerberos5 pam
on solaris 8:

112237-03 SunOS 5.8: mech_krb5.so.1 patch

with this error:

Apr 24 17:04:02 XXXXXXXXXXXXXX [ID 487707 auth.error] load_modules: cannot
open module /usr/lib/security/pam_krb5.so.1

via your login screen (dtlogin) you may see an error message: "Cannot load
PAM modules. Contact your System Administrator"



my pam.conf kerberos:


#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
rlogin  auth     sufficient /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass debug
login   auth     sufficient /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass debug
dtlogin auth     sufficient /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass debug
other   auth     sufficient /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass debug
dtlogin account  sufficient /usr/lib/security/$ISA/pam_krb5.so.1 debug
other   account  sufficient /usr/lib/security/$ISA/pam_krb5.so.1 debug
other   session  sufficient /usr/lib/security/$ISA/pam_krb5.so.1 debug
other   password sufficient /usr/lib/security/$ISA/pam_krb5.so.1
try_first_pass debug



performing some checks you will see that it cannot find another module:

root at XXXXXX [root]% ldd /usr/bin/kinit

mech_krb5.so.1 => /usr/lib/gss/gl/mech_krb5.so.1

libnsl.so.1 => /usr/lib/libnsl.so.1

libmp.so.2 => /usr/lib/libmp.so.2

libc.so.1 => /usr/lib/libc.so.1

libdl.so.1 => /usr/lib/libdl.so.1

libresolv.so.2 => /usr/lib/libresolv.so.2

libintl.so.1 => /usr/lib/libintl.so.1

libgss.so.1 => /usr/lib/libgss.so.1

libgss.so.1 (SUNW_1.2) => (version not found)

libsocket.so.1 => /usr/lib/libsocket.so.1

libxfn.so.2 => /usr/lib/libxfn.so.2

/usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1

root at XXXXX [root]% ldd /usr/lib/security/pam_krb5.so

libc.so.1 => /usr/lib/libc.so.1

libpam.so.1 => /usr/lib/libpam.so.1

libnsl.so.1 => /usr/lib/libnsl.so.1

libsocket.so.1 => /usr/lib/libsocket.so.1

mech_krb5.so.1 => /usr/lib/gss/gl/mech_krb5.so.1

libkadm5clnt.so.1 => /usr/lib/krb5/libkadm5clnt.so.1

libmp.so.2 => /usr/lib/libmp.so.2

libdl.so.1 => /usr/lib/libdl.so.1

libintl.so.1 => /usr/lib/libintl.so.1

libxfn.so.2 => /usr/lib/libxfn.so.2

libresolv.so.2 => /usr/lib/libresolv.so.2

libgss.so.1 => /usr/lib/libgss.so.1

libgss.so.1 (SUNW_1.2) => (version not found)

/usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1



i don't know where to post a bug request for sun's sunsolve
patches....anyone know?  once the patch was removed the system works fine.
i dont have an idea what the (SUNW_1.2) under libgss.so.1 is?



thanks,

-matt

please remove the _NOSPAM from my email address if you wish to respond to me
directly.










More information about the Kerberos mailing list