pam_krb5 for solaris
vkd
vkd79 at yahoo.nospam.com
Fri Feb 8 16:27:05 EST 2002
Where can I get proper pam_krb5 source that works on solaris?
I got one from this site: http://www.fcusack.com
but get this error message:
Feb 8 15:50:11 dot2 sshd[5445]: fatal: PAM initialisation failed[4]: System
error
Feb 8 15:50:46 dot2 sshd[5448]: load_modules: can not open module
/usr/lib/security/pam_krb5.so.1
Now, just a check:
----------------------------------------
$ ls -la /usr/lib/security/pam_krb5.so.1
-rwxr-xr-x 1 root other 724852 Feb 8 15:46 /usr/lib/security/pam_krb5.so.1*
$ ldd /usr/lib/security/pam_krb5.so.1
libpam.so.1 => /usr/lib/libpam.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libc.so.1 => /usr/lib/libc.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libmp.so.2 => /usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1
$ file /usr/lib/security/pam_krb5.so.1
/usr/lib/security/pam_krb5.so.1: ELF 32-bit MSB dynamic lib SPARC Version 1,
dynamically linked, not stripped
----------------------------------------
Here is how I modified the Makefile:
CC = gcc
CFLAGS = -O2 -fPIC
#LDFLAGS = -shared
LDFLAGS = -G
DESTDIR = /usr/lib/security
MANDIR = /usr/local/man/man5
OSLIBS = -lpam -lnsl -lsocket
KRB5LIBS
= -L/usr/kerberos/lib -R/usr/kerberos/lib -lkrb5 -lk5crypto -lcom_err
LIBS = $(OSLIBS) $(KRB5LIBS)
INC = -I/usr/include -I/usr/kerberos/include -I/usr/local/include
The version of Kerberos installed into /usr/kerberos is MIT (latest stable
release). I didn't know of any other Kerberos distros. Are there any? How do
they compare?
Any ideas? How should one properly set up Kerberos into PAM?
Here is my SSH config in pam.conf:
######################################################################
# SSH
######################################################################
#sshd auth sufficient /usr/lib/security/pam_krb5.so.1
try_first_pass
sshd auth required /usr/lib/security/pam_unix.so.1
sshd account required /usr/lib/security/pam_unix.so.1
sshd session required /usr/lib/security/pam_unix.so.1
#sshd session optional /usr/lib/security/pam_krb5.so.1
I commented it out for now (since it doesn't work) but that's what I used.
More information about the Kerberos
mailing list