RedHat 7.2 Kerberos/PAM error: Initgroups

Matt Lesko matt at
Tue Jun 11 15:43:54 EDT 2002

After days of reading documentation and searching, I finally have a
RedHat Linux machine authenticating users to a Windows 2000 Server
running Active Directory, using Kerberos. After installing pam_krb5, I
can even /bin/su - user and use the correct password for the AD
machine and get a shell prompt. However, the login function is broken.
Whenever I attempt to log in via telnet or simply the 'login' program,
I get rejected with a 'Session setup problem, abort.' Checking
/var/log/messages gives this:

Jun 11 15:42:33 bach login[24922]: pam_krb5: authentication succeeds for `joe'
Jun 11 15:42:33 bach login[24922]: initgroups: Operation not permitted

What does that second line indicate is at fault? I am apparently
getting through to the AD server; it is just not letting me log in. For
reference, I have attached below my /etc/pam.d/login, /etc/pam.d/su,
and the messages from when I /bin/su into the user account (which does
give me a shell prompt). Any help would be greatly appreciated. TIA,
-- Matt Lesko

