pam_krb5 for solaris

vkd vkd79 at yahoo.nospam.com
Fri Feb 8 16:27:05 EST 2002 

Where can I get proper pam_krb5 source that works on solaris?

I got one from this site: http://www.fcusack.com
but get this error message:

Feb  8 15:50:11 dot2 sshd[5445]: fatal: PAM initialisation failed[4]: System
error
Feb  8 15:50:46 dot2 sshd[5448]: load_modules: can not open module
/usr/lib/security/pam_krb5.so.1

Now, just a check:

----------------------------------------

$ ls -la /usr/lib/security/pam_krb5.so.1
-rwxr-xr-x 1 root other 724852 Feb 8 15:46 /usr/lib/security/pam_krb5.so.1*

$ ldd /usr/lib/security/pam_krb5.so.1
        libpam.so.1 =>   /usr/lib/libpam.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        /usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1

$ file /usr/lib/security/pam_krb5.so.1
/usr/lib/security/pam_krb5.so.1: ELF 32-bit MSB dynamic lib SPARC Version 1,
dynamically linked, not stripped

----------------------------------------

Here is how I modified the Makefile:

CC = gcc
CFLAGS = -O2 -fPIC
#LDFLAGS = -shared
LDFLAGS = -G

DESTDIR = /usr/lib/security
MANDIR = /usr/local/man/man5

OSLIBS = -lpam -lnsl -lsocket
KRB5LIBS
= -L/usr/kerberos/lib -R/usr/kerberos/lib -lkrb5 -lk5crypto -lcom_err

LIBS = $(OSLIBS) $(KRB5LIBS)

INC = -I/usr/include -I/usr/kerberos/include -I/usr/local/include

The version of Kerberos installed into /usr/kerberos is MIT (latest stable
release). I didn't know of any other Kerberos distros. Are there any? How do
they compare?

Any ideas? How should one properly set up Kerberos into PAM?

Here is my SSH config in pam.conf:
######################################################################
# SSH
######################################################################
#sshd   auth     sufficient     /usr/lib/security/pam_krb5.so.1
try_first_pass
sshd    auth     required       /usr/lib/security/pam_unix.so.1
sshd    account  required       /usr/lib/security/pam_unix.so.1
sshd    session  required       /usr/lib/security/pam_unix.so.1
#sshd   session  optional       /usr/lib/security/pam_krb5.so.1

I commented it out for now (since it doesn't work) but that's what I used.

More information about the Kerberos mailing list