FW: GDM AD authentication

Ness, Todd todd.ness at eds.com
Tue Jun 8 11:17:02 EDT 2004


Forgot to reply to list...

-----Original Message-----
From: Ness, Todd 
Sent: Tuesday, June 08, 2004 8:55 AM
To: 'Pitrich, Karl'
Subject: RE: GDM AD authentication


I added this in /etc/krb5.conf like below, and it did not change the
behavior.

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = PWR.EDS.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
PWR.EDS.COM = {
        kdc = ###.###.###.###:88
        admin_server = ###.###.###.###:749
        default_domain = pwr.eds.com
}

[domain_realm]
         .pwr.eds.com = PWR.EDS.COM
         .local = PWR.EDS.COM

[kdc]
 profile = /etc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
   ccache = SAVE
 }

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
Of Pitrich, Karl
Sent: Tuesday, June 08, 2004 3:43 AM
To: 'kerberos at mit.edu'
Subject: Re: GDM AD authentication


On Mon, 2004-06-07 at 22:53, Ness, Todd wrote:
> I have a SuSE8.1 workstation that authenticates against an AD domain
> for ssh logins,

> If I try to login from GDM I get:

> Jun  7 08:49:41 SSPRJDS20TEST gdm[2332]: (pam_krb5) pam_sm_setcred: result for user `test004': Error in service module
> Jun  7 08:49:41 SSPRJDS20TEST gdm[2332]: Couldn't set credentials for test004
> Jun  7 08:49:42 SSPRJDS20TEST gdm[2332]: (pam_krb5) cleanup_state



gdm runs as a separate user.
probably it cannot write to the credential cache file.

try adding pam_krb5 option: ccache=SAVE



 / pit



