how to install pam_krb5_migrate in RHEL/Fedora, NIS-->Kerberos authentication
Robert Kudyba
rkudyba at fordham.edu
Fri Oct 23 09:51:01 EDT 2020
We are trying to drop in Kerberos authentication in Fedora 32 for NIS.
I have Kerberos working, H/T to
https://docs.oracle.com/en/operating-systems/oracle-linux/7/userauth/ol7-auth.html#ol7-cfgkrb-auth.
The man page for it at
https://docs.oracle.com/cd/E23824_01/html/821-1474/pam-krb5-migrate-5.html#REFMAN5pam-krb5-migrate-5
applies to Solaris as they reference /etc/pam.auth and has an extra
field in the PAM authentication stack, e.g. 'gdm', 'login' and
'k5migrate'.
I've seen the previous discussions at
https://www.mail-archive.com/kerberos@mit.edu/msg15841.html and
https://www.mail-archive.com/kerberos@mit.edu/msg15534.html
I see there are source packages albeit for Debian at
https://www.samba.org/~jelmer/pam_krb5_migrate/. I used 'ar x' to
extract the files from .deb and copied pam_krb5_migrate_mit.so to
/usr/lib/security and made a sym link at
/usr/lib64/security/pam_krb5_migrate.so.1. Got the following errors:
/usr/lib64/security/pam_krb5_migrate.so.1): lib kadm5clnt_mit.so.11:
cannot open shared object file: No such file or directory
ourserver crond[52612]: PAM adding faulty module:
/usr/lib64/security/pam_krb5_migrate.so.1
ourserver crond[52612]: PAM (crond) illegal module type: k5migrate
ourserver crond[52612]: PAM pam_parse: expecting return value; [...auth]
Is there a way to get this module for Fedora?
More information about the Kerberos
mailing list