Kerberos and Solaris 9 problems
mr.bmonroe@gmail.com
mr.bmonroe at gmail.com
Thu Mar 30 19:26:29 EST 2006
Hey all,
I'm trying to configure a Solaris 9 server to authenticate against an
Win 2000 ADS server with mixed results and was looking for some
insight.
So here's the thing; Once logged in, I can run kinit and aquire a
ticket:
# kinit
Password for user_name at REALM.COM:
# klist
Ticket cache: /tmp/krb5cc_7155
Default principal: user_name at REALM.COM
Valid starting Expires
Service principal
Thu Mar 30 16:14:41 2006 Fri Mar 31 02:14:41 2006
krbtgt/REALM.COM at REALM.COM
renew until Thu Apr 06 17:14:41 2006
But, I can not authenticate with PAM to save my life (with any remote
client; telnet, ssh, etc).
Sshd's PAM entry looks like:
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth required pam_krb5.so.1 use_first_pass debug
sshd auth sufficient pam_unix_auth.so.1
The errors I get in /var/adm/messages are:
Mar 30 16:19:21 servername sshd[3245]: [ID 537602 auth.error]
PAM-KRB5 (auth): krb5_verify_init_creds failed: Decrypt integrity check
failed
Is there something I am doing wrong? Telnet fails with the same error.
Is this an issue with Solaris 9's built in kerb support (I am not
using MIT's).
If you could help point me in the right direction, I'd be much
appreciative.
Thanks
--Brett
More information about the Kerberos
mailing list