disabling krb524d attempts - causes login hangs

Russ Allbery rra at stanford.edu
Fri Dec 19 14:47:34 EST 2008


Fletcher Cocquyt <fcocquyt at stanford.edu> writes:

> per the man page: http://linux.die.net/man/8/pam_krb5
>
> It had no effect - even after restarting the sshd service

Judging from the man page, this is the Red Hat pam-krb5 module.  I know
that other people around Stanford have had a ton of problems with delays
caused by that module and its attempts to get Kerberos v4 tickets.
There's probably some way to fix it, but the most common solution has been
to just get rid of it and run a different PAM module.

Probably not surprisingly, all the Stanford central infrastructure systems
use my PAM module:

    http://www.eyrie.org/~eagle/software/pam-krb5/

I wrote it to never try to get Kerberos v4 tickets, so it shouldn't have
this problem.  Switching to it has fixed the problem for a number of Red
Hat users around campus.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list