libpam_krb5 + heimdal issue (newbie alarm)
Marcus Blomenkamp
mblomenk at gmx.de
Thu Jul 25 04:06:40 EDT 2002
Hi there.
I'm a real nb when it comes to Kerberos/LDAP/PAM/NSS etc.
I've installed Heimdal on a fresh Debian 3.0 system, realm name
MY_KRB_REALM, and added a user marcus. No problem so far, I can 'kinit
<marcus>' fine. But I've got major problems getting it running with PAM.
I made the modifications to the PAM config files locally for simplicity's
sake. I am following the steps of the documentation from:
http://www.ofb.net/~jheiss/krbldap/howto.html
Situation in short:
I added a user to kerberos called 'marcus'.
I added a user locally to passwd/shadow and modified the password to '*K*',
so I don't have to get LDAP running first.
I modified the appropriate lines in files in '/etc/pam.d' according to
the documentation:
'login'
auth sufficient pam_unix.so
auth required pam_krb5.so use_first_pass
'other'
session optional pam_krb5.so
session required pam_unix.so
password sufficient pam_unix.so
password required pam_krb5.so use_first_pass
I tried to do 'login marcus' but it failed with 'Login incorrect'.
The Heimdal KDC logfile spills out the following for each attempt:
2002-07-25T09:41:21 AS-REQ marcus at MY_KRB_REALM from IPv4:192.168.1.101
for krbtgt/MY_KRB_REALM at MY_KRB_REALM
2002-07-25T09:41:21 Using des3-cbc-sha1/des3-cbc-sha1
2002-07-25T09:41:21 sending 617 bytes to IPv4:192.168.1.101
I bet this is a simple issue for you out there. Is it because of the
'use_first_pass' parameters? I've never seen them before. Or is it a
crypto thing - des vs 3des?
Big Thanks, Marcus
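
Added example, not part of the original post: a small Python model of how Linux-PAM evaluates the 'login' auth stack quoted above, covering only the simple control keywords (required, requisite, sufficient, optional). The function names are hypothetical and the per-module outcomes passed in are constructed inputs, not results from a real system.

```python
# Added example: models Linux-PAM's simple control keywords for one stack.
# Module outcomes are constructed inputs, not results from a real login.

CONTROLS = {"required", "requisite", "sufficient", "optional"}

# The 'login' auth lines as posted in the message.
LOGIN_AUTH = """\
auth sufficient pam_unix.so
auth required pam_krb5.so use_first_pass
"""

def parse_stack(text, mgmt_type):
    """Return [(control, module, args)] for lines of one management type."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 3 and fields[0] == mgmt_type:
            if fields[1] not in CONTROLS:
                raise ValueError("unsupported control: " + fields[1])
            stack.append((fields[1], fields[2], fields[3:]))
    return stack

def evaluate(stack, outcomes):
    """Return (granted, modules_called) for the given per-module outcomes."""
    failed = False       # a required/requisite module has failed
    succeeded = False    # at least one module returned success
    called = []
    for control, module, _args in stack:
        called.append(module)
        if outcomes[module]:
            succeeded = True
            if control == "sufficient" and not failed:
                break            # stack ends here, later modules never run
        elif control == "required":
            failed = True        # remembered, but later modules still run
        elif control == "requisite":
            failed = True
            break                # fail immediately
        # a failing sufficient or optional module is ignored
    return (succeeded and not failed), called
```

In this model a failing pam_unix.so is ignored and the result follows pam_krb5.so, while a succeeding pam_unix.so ends the stack before pam_krb5.so is ever called.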