Configuring kerberos for Solaris

Ganesh ganeshv at india.hp.com
Mon Mar 24 10:32:29 EST 2003


I'm trying to configure kerberos, to authenticate the
users through Web. I've successfully compiled
mod_auth_pam.c on Solaris 8 and am able to authenticate
the users, if I use pam_unix.so.1 in my pam.conf file.
But if I try to authenticate by using pam_krb5.so.1
it fails.

I'm using the pam_krb5.so.1 which is shipped along with solaris2.8.

A snap shot of my pam.conf file :

# The commented line works fine
#
httpd   auth sufficient   /usr/lib/security/$ISA/pam_krb5.so.1
#httpd   auth required   /usr/lib/security/$ISA/pam_unix.so.1

httpd   account  sufficient     /usr/lib/security/$ISA/pam_krb5.so.1
#httpd   account required       /usr/lib/security/$ISA/pam_unix.so.1

My /etc/krb5/krb5.conf file ..

[libdefaults]
   default_realm = INDIA.HP.COM
   default_tkt_enctypes = DES-CBC-CRC
   default_tgs_enctypes = DES-CBC-CRC
   ccache_type = 2

[realms]
   INDIA.HP.COM = {
      kdc = nt40239.india.hp.com:88
      admin_server = nt40239.india.hp.com:749
      default_domain = india.hp.com
}

[domain_realm]
 .india.hp.com = INDIA.HP.COM
 india.hp.com = INDIA.HP.COM

[logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log

I've also updated the /etc/services file to look into my
KDC server.

My kDC server(Linux server) is up and running as I'm 
able to authenticate the users, with the same KDC if 
the client is HP-Ux m/c.

Is that I've to make any changes in my krb5.conf file or
have to rebuild the pam_krb5.so file ? Please give your
inputs!

TIA,
Ganesh.


More information about the Kerberos mailing list