Problem using pam_krb5 + sshd on Solaris

Josef Kelbler kelbler at vumscomp.cz
Tue Nov 19 10:33:18 EST 2002


Hi colleagues,
I have problem with pam_krb5 on Solaris with sshd using PAM subsystem.

I have 2 instalation MIT Kerberos 5-1.2.6 on Solaris 8 and 9 in default
locations /usr/local.
Both Kerberos suites work.

I installed pam_krb5 from  sourceforge.net  and built
/usr/lib/security/pam_krb5.so.1
Before "make" I set environment variable: LD_RUN_PATH=/usr/local.
And therefore pam_krb5.so.1 obtained fixed pathes to another shared
libraries.
(Without this I had got problems wit telnetd + PAM).

Now telnetd + PAM works well.
With sshd problems continues.

Part of  pam.conf  (telnet and sshd had for testing only these rows) is:
telnet  auth   required    pam_krb5.so.1    # it works
sshd   auth   required    pam_krb5.so.1    # it does not work

In /var/adm/messages log there is for that event:
luna sshd[3009]: [ID 800047 auth.crit] fatal:
  PAM setcred failed[3]: Error in underlying service module

HOWEVER in KDC log (on another computer) there where 2 records:
Successful requests for TGT and Ticket for
host/<tested_Solaris_name><REALM>.

It means that pam_krb5 had obtained 2 tickets and in the end something
occured wrong.

Please, does enybody have any ideas?
Thanks

Josef Kelbler




More information about the Kerberos mailing list