PAM hangs after authenticating against 2003 AD

Jesper Angelo dkguru at gmail.com
Wed Aug 9 06:21:56 EDT 2006


Account: newbie ( Created on both AD and local (/etc/passwd) )

Login with pam_unix yields:
----------------------------------------------------------------
==> /var/log/auth.log <==
Aug  9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_authenticate(login newbie): entry:
Aug  9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_authenticate(login newbie): krb5_get_init_creds_password():
Preauthentication failed
Aug  9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_authenticate(login newbie): exit: failure
Aug  9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_authenticate(login newbie): entry:
Aug  9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_authenticate(login newbie): krb5_get_init_creds_password():
Preauthentication failed
Aug  9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_authenticate(login newbie): exit: failure
Aug  9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_acct_mgmt(login newbie): entry:
Aug  9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_acct_mgmt(login newbie): ccache: not found
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): entry:
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): pam_get_data(): No module specific data is present
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): exit: failure
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): entry:
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): pam_get_data(): No module specific data is present
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): exit: failure
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): entry:
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): pam_get_data(): No module specific data is present
Aug  9 11:51:11 localhost login[15519]: pam_krb5: pam_sm_setcred(login
newbie): exit: failure
----------------------------------------------------------------

Then i kinit... AD says its a success and I get ticket (and it doesnt
get deleted for a loong time).

Funny enough - logfile shows nothing :-/ (Even if I kdestory followed
by kinit...)

The login freezes in the sense that nothing happens. If I press CTRL-C,
it exits back to prompt.

I seems like it authorizes, and then dont know what to do next, thus
times out after 60 seconds...?


hope it makes sense :-)


Jesper Angelo



Sensei wrote:
> On 2006-08-08 15:03:46 +0200, "Jesper Angelo" <dkguru at gmail.com> said:
>
> > Additional info:
> >
> > Local login works using pam_unix...
> >
> > Even if I put pam_unix to be optional (ie all passwords are accepted)
> > it works - except if I put in the right password from the AD.
> >
> > So its something with the kerberos process in pam_krb5...
>
> Make a local user, login with this new guy and kinit to AD, get any log
> you can if something goes wrong. Work for some time to make sure you're
> not kicked out of the system (I understand this is what happens)
> collecting logs.
>
> Make clear what you mean by ``hangs for 30 secs''. Do you mean that it
> actually *freezes*? Can you type in the console?
>
> --
> Sensei <senseiwa at mac.com>
>
> The optimist thinks this is the best of all possible worlds.
> The pessimist fears it is true.      [J. Robert Oppenheimer]




More information about the Kerberos mailing list