Problem using pam_krb5 + sshd on Solaris
Parag Godkar
paragg at konark.ncst.ernet.in
Wed Nov 20 00:31:42 EST 2002
> Now telnetd + PAM works well.
> With sshd, problems continue.
>
> Part of pam.conf (telnet and sshd had only these rows, for testing) is:
> telnet auth required pam_krb5.so.1 # it works
> sshd auth required pam_krb5.so.1 # it does not work
>
Now I may be wrong, but do you also have an entry for "login"
in your pam.conf? I found that "login" and "sshd" entries clash if
not stacked properly.
Here is what my "auth" portion of /etc/pam.conf on Solaris 8 looks like -
-------------------------------------------------------------------
login auth sufficient /usr/pam_krb5/lib/security/pam_krb5.so.1
login auth sufficient /usr/lib/security/pam_unix.so.1 try_first_pass
login auth sufficient /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rlogin auth sufficient /usr/pam_krb5/lib/security/pam_krb5.so.1
rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
#
dtlogin auth sufficient /usr/pam_krb5/lib/security/pam_krb5.so.1
dtlogin auth sufficient /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
#
rsh auth sufficient /usr/pam_krb5/lib/security/pam_krb5.so.1
rsh auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/pam_krb5/lib/security/pam_krb5.so.1
other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
-----------------------------------------------------------------------
I do not have an entry for sshd; login entry handles all logins -
telnet as well as ssh. And I can telnet as well as ssh using
my Kerberos passwords.
Regards,
Parag.
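
An added example, not part of the original post: a small audit script that shows which pam.conf auth stack a given service name resolves to, using the pam.conf rule that a service with no entries of its own falls back to the `other` entries. The sample is a subset of the listing in the post; the function names are hypothetical, and the service name a daemon passes to pam_start() (here "sshd" and "telnet") is an assumption.

```python
# Added example: resolve which pam.conf stack a service name actually gets.
SAMPLE_PAM_CONF = """\
login auth sufficient /usr/pam_krb5/lib/security/pam_krb5.so.1
login auth sufficient /usr/lib/security/pam_unix.so.1 try_first_pass
login auth sufficient /usr/lib/security/$ISA/pam_dial_auth.so.1
#
rsh auth sufficient /usr/pam_krb5/lib/security/pam_krb5.so.1
rsh auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
other auth sufficient /usr/pam_krb5/lib/security/pam_krb5.so.1
other auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
"""


def parse_pam_conf(text):
    """Return entries as dicts in file order (order defines the stack)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: text after '#' is a comment or a poster's annotation.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected 4+ fields: {raw!r}")
        entries.append({"service": fields[0], "type": fields[1],
                        "control": fields[2], "module": fields[3],
                        "options": fields[4:], "line": lineno})
    return entries


def effective_stack(entries, service, mtype="auth"):
    """Return (source_service, stack) for the name passed to pam_start()."""
    own = [e for e in entries if e["service"] == service and e["type"] == mtype]
    if own:
        return service, own
    fallback = [e for e in entries if e["service"] == "other" and e["type"] == mtype]
    return "other", fallback


if __name__ == "__main__":
    conf = parse_pam_conf(SAMPLE_PAM_CONF)
    for name in ("login", "sshd", "telnet"):
        source, stack = effective_stack(conf, name)
        print(f"{name}: uses '{source}' entries")
        for e in stack:
            print(f"    {e['control']:<10} {e['module']} {' '.join(e['options'])}")
```

Running it against a real /etc/pam.conf before and after adding a service-specific line shows whether that line replaces the `other` stack for the service or was never reached.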