Solaris 8 Kerberos / Ldap Client Setup

Matthew.GARRETT@external.total.com Matthew.GARRETT at external.total.com
Mon Jun 1 10:28:09 EDT 2009


 Folks

I am still getting problems with Kerberos on Sun Solaris 8

So far I have installed http://www.eyrie.org/~eagle/software/pam-krb5/ Pam 
module
With /etc/pam.conf set to debug mode I get the following

Jun  1 15:17:10 bruce login: [ID 305314 auth.debug] load_modules: 
/usr/lib/security/pam_unix.so.1
Jun  1 15:17:10 bruce login: [ID 265225 auth.debug] load_function: 
successful load of pam_sm_authenticate
Jun  1 15:17:10 bruce login: [ID 305314 auth.debug] load_modules: 
/usr/local/lib/security/pam_krb5.so.1
Jun  1 15:17:10 bruce login: [ID 265225 auth.debug] load_function: 
successful load of pam_sm_authenticate
Jun  1 15:17:14 bruce login: [ID 859314 auth.debug] pam_set_item(2)
Jun  1 15:17:19 bruce login: [ID 859314 auth.debug] pam_set_item(6)
Jun  1 15:17:19 bruce login: [ID 427203 auth.debug] pam_authenticate: 
error Authentication failed
Jun  1 15:17:19 bruce login: [ID 584047 auth.debug] (pam_krb5): none: 
pam_sm_authenticate: entry (0x0)
Jun  1 15:17:19 bruce login: [ID 584047 auth.debug] (pam_krb5): mgarrett: 
attempting authentication as mgarrett at UK.AD.EP.CORP.LOCAL
Jun  1 15:17:19 bruce login: [ID 859314 auth.debug] pam_set_item(2)
Jun  1 15:17:19 bruce login: [ID 584047 auth.debug] (pam_krb5): mgarrett: 
pam_sm_authenticate: exit (success)
Jun  1 15:17:19 bruce login: [ID 859314 auth.debug] pam_set_item(6)
Jun  1 15:17:23 bruce login: [ID 859314 auth.debug] pam_set_item(2)
Jun  1 15:17:23 bruce login: [ID 859314 auth.debug] pam_set_item(8)
Jun  1 15:17:23 bruce login: [ID 859314 auth.debug] pam_set_item(9)

Which I belive is say Password was correct and should be able to login ?

However I do not get a login prompt.

As root doing a su - mgarrett
I get the following
Jun  1 15:25:52 bruce su: [ID 366847 auth.info] 'su mgarrett' succeeded 
for root on /dev/pts/1
Jun  1 15:25:52 bruce su[4524]: [ID 942022 auth.debug] pam_setcred()
Jun  1 15:25:52 bruce su[4524]: [ID 305314 auth.debug] load_modules: 
/usr/lib/security/pam_unix.so.1
Jun  1 15:25:52 bruce su[4524]: [ID 265225 auth.debug] load_function: 
successful load of pam_sm_setcred
Jun  1 15:25:52 bruce su[4524]: [ID 305314 auth.debug] load_modules: 
/usr/local/lib/security/pam_krb5.so.1
Jun  1 15:25:52 bruce su[4524]: [ID 265225 auth.debug] load_function: 
successful load of pam_sm_setcred
Jun  1 15:25:52 bruce su[4524]: [ID 584047 auth.debug] (pam_krb5): none: 
pam_sm_setcred: entry (0x1)
Jun  1 15:25:52 bruce su[4524]: [ID 584047 auth.debug] (pam_krb5): none: 
no context found, creating one
Jun  1 15:25:52 bruce su[4524]: [ID 584047 auth.debug] (pam_krb5): 
mgarrett: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login
Jun  1 15:25:52 bruce su[4524]: [ID 584047 auth.debug] (pam_krb5): none: 
pam_sm_setcred: exit (ignore)
Jun  1 15:25:52 bruce su[4524]: [ID 690057 auth.debug] pam_end(): status = 
Success

Can any body shed any further light on this problem.

Thanks

Matthew

Registered in England and Wales No.811900          
Registered Office 33 Cavendish Square, London W1G 0PW
This e-mail and any attachments are intended only for the person or entity
to whom it is addressed and may contain confidential or privileged
information.  If you are not the addressee, any disclosure, reproduction,
copying, distribution, or use of this communication is strictly prohibited.
If you are not the intended recipient or person responsible for delivering
this message to the named addressee, please notify us immediately and delete
this e-mail.
It is the responsibility of the addressee to scan this email and any
attachments for computer viruses or other defects.  The sender does not
accept liability for any loss or damage of any nature, however caused,
which may result directly or indirectly from this email or any file attached.


More information about the Kerberos mailing list