how to install pam_krb5_migrate in RHEL/Fedora, NIS-->Kerberos authentication
Robert Kudyba
rkudyba at fordham.edu
Fri Oct 23 16:05:48 EDT 2020
So I tried this work around, creating a sym link:
ln -s /usr/lib64/libkadm5clnt_mit.so.12.0
/usr/lib64/security/pam_krb5_migrate.so.1
from ssh -vv -K
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:6105)
>From the ssh logs after restarting sshd:
sshd: PAM unable to resolve symbol: pam_sm_authenticate
sshd: PAM unable to resolve symbol: pam_sm_setcred
Any other suggestions on getting this working?
On Fri, Oct 23, 2020 at 11:56 AM Robert Kudyba <rkudyba at fordham.edu> wrote:
>
> On Fri, Oct 23, 2020 at 10:48 AM Robbie Harwood <rharwood at redhat.com> wrote:
> > Robert Kudyba <rkudyba at fordham.edu> writes:
> >
> > > /usr/lib64/security/pam_krb5_migrate.so.1. Got the following errors:
> > > /usr/lib64/security/pam_krb5_migrate.so.1): libkadm5clnt_mit.so.11:
> > > cannot open shared object file: No such file or directory
> >
> > In Fedora, libkad5clnt_mit.so is provided by libkadm5. However, there
> > has been a soname bump (to 12).
>
> OK I see:
> /usr/lib64/libkadm5clnt.so
> /usr/lib64/libkadm5clnt_mit.so
> /usr/lib64/libkadm5clnt_mit.so.12
> /usr/lib64/libkadm5clnt_mit.so.12.0
>
> > Please be aware that neither I (Fedora maintainer) do not support
> > external programs using the libkadm5 interfaces, and upstream krb5 does
> > not provide stability guarantees for it.
>
> Sure, I understand. Just testing it at the moment.
>
> So can I use libkadm5clnt_mit.so.12.0 and reference that in the PAM
> auth stack, wherever I had pam_krb5_migrate? Oracle has a migration
> guide at https://docs.oracle.com/cd/E23824_01/html/821-1456/setup-148.html#faavx
> that I'm trying to follow.
More information about the Kerberos
mailing list