FW: GDM AD authentication
Ness, Todd
todd.ness at eds.com
Tue Jun 8 11:17:02 EDT 2004
Forgot to reply to list...
-----Original Message-----
From: Ness, Todd
Sent: Tuesday, June 08, 2004 8:55 AM
To: 'Pitrich, Karl'
Subject: RE: GDM AD authentication
I added this in /etc/krb5.conf like below, and it did not change the
behavior.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = PWR.EDS.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
PWR.EDS.COM = {
    kdc = ###.###.###.###:88
    admin_server = ###.###.###.###:749
    default_domain = pwr.eds.com
}
[domain_realm]
.pwr.eds.com = PWR.EDS.COM
.local = PWR.EDS.COM
[kdc]
profile = /etc/kdc.conf
[appdefaults]
pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
    ccache = SAVE
}
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
Of Pitrich, Karl
Sent: Tuesday, June 08, 2004 3:43 AM
To: 'kerberos at mit.edu'
Subject: Re: GDM AD authentication
On Mon, 2004-06-07 at 22:53, Ness, Todd wrote:
> I have a SuSE8.1 workstation that authenticates against an AD domain
> for ssh logins,
> If I try to login from GDM I get:
> Jun 7 08:49:41 SSPRJDS20TEST gdm[2332]: (pam_krb5) pam_sm_setcred: result for user `test004': Error in service module
> Jun 7 08:49:41 SSPRJDS20TEST gdm[2332]: Couldn't set credentials for test004
> Jun 7 08:49:42 SSPRJDS20TEST gdm[2332]: (pam_krb5) cleanup_state
gdm runs as separate user.
probably it cannot write to the credential cache file.
try adding pam_krb5 option: ccache=SAVE
/ pit