Configuring kerberos for Solaris
Ganesh
ganeshv at india.hp.com
Mon Mar 24 10:32:29 EST 2003
I'm trying to configure kerberos, to authenticate the
users through Web. I've successfully compiled
mod_auth_pam.c on Solaris 8 and am able to authenticate
the users, if I use pam_unix.so.1 in my pam.conf file.
But if I try to authenticate by using pam_krb5.so.1
it fails.
I'm using the pam_krb5.so.1 which is shipped along with solaris2.8.
A snap shot of my pam.conf file :
# The commented line works fine
#
httpd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1
#httpd auth required /usr/lib/security/$ISA/pam_unix.so.1
httpd account sufficient /usr/lib/security/$ISA/pam_krb5.so.1
#httpd account required /usr/lib/security/$ISA/pam_unix.so.1
My /etc/krb5/krb5.conf file ..
[libdefaults]
default_realm = INDIA.HP.COM
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
ccache_type = 2
[realms]
INDIA.HP.COM = {
kdc = nt40239.india.hp.com:88
admin_server = nt40239.india.hp.com:749
default_domain = india.hp.com
}
[domain_realm]
.india.hp.com = INDIA.HP.COM
india.hp.com = INDIA.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
I've also updated the /etc/services file to look into my
KDC server.
My kDC server(Linux server) is up and running as I'm
able to authenticate the users, with the same KDC if
the client is HP-Ux m/c.
Is that I've to make any changes in my krb5.conf file or
have to rebuild the pam_krb5.so file ? Please give your
inputs!
TIA,
Ganesh.
More information about the Kerberos
mailing list