can't unlock xscreensaver
steve
steve at steve-ss.com
Fri Feb 3 10:40:16 EST 2012
On 02/01/2012 06:46 PM, steve wrote:
> This is my first post here so hi everyone.
>
> We have a Lan of Linux and win 7 boxes under a Samba 4 pdc. On Linux,
> our Kerberos password does not unlock xscreensaver. We get
> 'Authentication failed'.
>
> openSUSE 12.1. a few files:
>
> /etc/krb5.conf
> [libdefaults]
> default_realm = HH3.SITE
> dns_lookup_realm = false
> dns_lookup_kdc = true
> clockskew = 300
> [domain_realm]
> .hh3.site = HH3.SITE
> [realms]
> HH3.SITE = {
> kdc = 192.168.1.3
> default_domain = hh3.site
> admin_server = 192.168.1.3
> }
> [appdefaults]
> pam = {
> ticket_lifetime = 1d
> renew_lifetime = 1d
> forwardable = true
> proxiable = false
> minimum_uid = 1
> clockskew = 300
> external = sshd
> use_shmem = sshd
> }
>
> /etc/pam.d/common-auth
> auth required pam_env.so
> auth optional pam_gnome_keyring.so
> auth sufficient pam_unix2.so
> auth required pam_krb5.so
> auth required pam_ldap.so use_first_pass
>
> /etc/pam.d/xscreensaver
> auth include common-auth
> account include common-account
> password include common-password
> session include common-session
>
> Any ideas anyone?
> Thanks,
> Steve
OK
I've now seen that the xscreensaver shipped with openSUSE 12.1 does not
support Krb5. Fine. I installed gnome-screensaver. Still no go. So I
tried gnome-screensaver with Kerberos auth on Ubuntu. _It worked_. The
common-auth on Ubuntu has this:
auth required pam_env.so
auth optional pam_gnome_keyring.so
auth sufficient pam_unix2.so
auth required pam_krb5.so
Which doesn't work when copied to openSUSE
Can I conclude:
1. the fault is not with Kerberos
2. pam is at fault on openSUSE
3. gnome-screensaver is at fault with openSUSE
Any ideas anyone?
Thanks,
Steve
More information about the Kerberos
mailing list