pam_krb5 questions

Russ Allbery rra at stanford.edu
Sun Jul 18 22:57:40 EDT 2010


Techie <techchavez at gmail.com> writes:

> I have your pam_krb5 module working with RHEL5 but I am having issues on
> RHEL4. When I replace the RHEL pam_krb5 with the eyrie module I can't
> log in. It looks like the pam_krb5 is indeed aurthenticating me though
> as seen below, well it says authenticated as the krb user. I am using
> the newest module or 4.3. Looks like pam_krb5 is authenticating but
> pam_unix is choking even though pam_krb5 is sufficient. As I said if I
> use the RHEL module it works but I need the extra functionality of your
> module. Will an older version of your module work possibly?

All versions of the module should work fine on RHEL4.  We've been using it
on RHEL4 since version 2.0, up to and including 4.3.

Could you provide the PAM configuration that's being used for ssh?  This
part:

> sshd: PAM pam_parse: expecting return value; [...suficient]
> sshd(pam_unix)[28825]: authentication failure; logname= uid=0 euid=0
> tty=ssh ruser= rhost=rhel4test  user=joe_johnson

looks like you have a syntax error in your PAM configuration, which will
cause all authentications to fail.

Also try adding debug to the PAM options for pam_krb5 and pam_unix
everywhere they're run and then look in your syslog for the additional
debugging output.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list