Debugging Suse krb pam for ssh session?

Robert Wehn robert.wehn at rz.uni-augsburg.de
Wed Mar 12 04:31:53 EDT 2014


Am 12.03.2014 02:30, schrieb ольга крыжановская:
> Does anyone know how I can debug kerberos pam on Linux? We have a new
> krb5 server running on stock Suse 11.3 on which a user test001 is
> configured. Logging in into that local account works on the server and
> gives automagic a krb5 ticket.
I'm not sure how pam is configured in Suse Linux.
In Debian/Ubuntu i would look into
/etc/pam.d/auth-common (or the other auth modules there)
to see which modules are used and "requisite" "sufficient" "optional" ...
Maybe its all in one file like /etc/pam.conf in Suse ...

"man pam.conf" for the details.

What do you plan to do:
- Lock in with a local account and get a kerberos ticket in addition
(for the local user)
- have a password only in kerberos *or* locally on the machine
> However, on the client machine, which runs Suse 12.3, which uses the
> server as kdc, I do not get a krb5 ticket automagically if I ssh into
> it, while a later kinit gives me the desired ticket.
please provide the pam config files of server and client.

Robert.

-- 

Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de
Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047
86135 Augsburg .................................. Fax. (0821) 598-2028



More information about the Kerberos mailing list