SUMMARY: disabling krb524d attempts - causes login hangs

Fletcher Cocquyt fcocquyt at stanford.edu
Fri Dec 19 17:18:51 EST 2008


Nalin Dahyabhai <nalin <at> redhat.com> writes:

> 
> On Fri, Dec 19, 2008 at 05:16:13PM +0000, Fletcher Cocquyt wrote:
> > So in /etc/pam.d/system-auth-ac (the same place I added debug for logging krb
> > 
> > and the only pam.d with krb config) I set: 
> > 
> > krb4_convert=false krb4_convert_524=false
> 
> That should work in the 'pam' portion of the [appdefaults] section
> in krb5.conf.  If you're passing it in as an argument, try
> "no_krb4_convert" and "no_krb4_convert_524" instead.
> 
> HTH,
> 
> Nalin


DingDingDing! we have a winner!

Added krb4_convert_524=false to the appdefaults section (note, krb4_convert =
false already existed):

[appdefaults]
    default_lifetime      = 25hrs
    krb4_get_tickets      = false
    krb4_convert          = false
    krb4_convert_524      = false
    krb5_get_tickets      = true
    krb5_get_forwardable  = true


Solved the issue - kerberos authentication proceeds completes swiftly without
hanging  on the krb524 conversion

Thanks to Nalin and all who provided feedback
Cheers,
Fletcher





More information about the Kerberos mailing list