pam_krb5 questions

Techie techchavez at gmail.com
Sun Jul 18 23:04:14 EDT 2010


On Sun, Jul 18, 2010 at 7:57 PM, Russ Allbery <rra at stanford.edu> wrote:
> Techie <techchavez at gmail.com> writes:
>
>> I have your pam_krb5 module working with RHEL5 but I am having issues on
>> RHEL4. When I replace the RHEL pam_krb5 with the eyrie module I can't
>> log in. It looks like the pam_krb5 is indeed aurthenticating me though
>> as seen below, well it says authenticated as the krb user. I am using
>> the newest module or 4.3. Looks like pam_krb5 is authenticating but
>> pam_unix is choking even though pam_krb5 is sufficient. As I said if I
>> use the RHEL module it works but I need the extra functionality of your
>> module. Will an older version of your module work possibly?
>
> All versions of the module should work fine on RHEL4.  We've been using it
> on RHEL4 since version 2.0, up to and including 4.3.
>
> Could you provide the PAM configuration that's being used for ssh?  This
> part:
>
>> sshd: PAM pam_parse: expecting return value; [...suficient]
>> sshd(pam_unix)[28825]: authentication failure; logname= uid=0 euid=0
>> tty=ssh ruser= rhost=rhel4test  user=joe_johnson
>
> looks like you have a syntax error in your PAM configuration, which will
> cause all authentications to fail.
Russ, I apologize, too many hours this weekend you are again correct.
If you look at my message above I misspelled sufficient in the auth
stack. Quite embarrassing, I spent 3 hours on this too.. As soon as I
fixed that it works fine.
Thanks for the quick response and the heads up on ksu by the way.

TC
>
> Also try adding debug to the PAM options for pam_krb5 and pam_unix
> everywhere they're run and then look in your syslog for the additional
> debugging output.
>
> --
> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
>




More information about the Kerberos mailing list