SUMMARY: disabling krb524d attempts - causes login hangs
Fletcher Cocquyt
fcocquyt at stanford.edu
Fri Dec 19 17:18:51 EST 2008
Nalin Dahyabhai <nalin <at> redhat.com> writes:
>
> On Fri, Dec 19, 2008 at 05:16:13PM +0000, Fletcher Cocquyt wrote:
> > So in /etc/pam.d/system-auth-ac (the same place I added debug for logging krb
> >
> > and the only pam.d with krb config) I set:
> >
> > krb4_convert=false krb4_convert_524=false
>
> That should work in the 'pam' portion of the [appdefaults] section
> in krb5.conf. If you're passing it in as an argument, try
> "no_krb4_convert" and "no_krb4_convert_524" instead.
>
> HTH,
>
> Nalin
DingDingDing! we have a winner!
Added krb4_convert_524=false to the appdefaults section (note, krb4_convert =
false already existed):
[appdefaults]
default_lifetime = 25hrs
krb4_get_tickets = false
krb4_convert = false
krb4_convert_524 = false
krb5_get_tickets = true
krb5_get_forwardable = true
Solved the issue - kerberos authentication proceeds completes swiftly without
hanging on the krb524 conversion
Thanks to Nalin and all who provided feedback
Cheers,
Fletcher
More information about the Kerberos
mailing list