Date: Wed, 30 Oct 2002 08:38:16 +0200
From: "D. Penev"
To: Mark A Gebert
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Kerberos5 PAM Question
Message-ID: <20021030063816.GA244@earth.dpsca.bg>
In-Reply-To: <20021029131011.GH316@thugsrus.org>

On Tue, Oct 29, 2002 at 08:10:11AM -0500, Mark A Gebert wrote:
>Date: Tue, 29 Oct 2002 08:10:11 -0500
>From: Mark A Gebert
>To: questions@FreeBSD.org
>Subject: Kerberos5 PAM Question
>
>Under FreeBSD4.7, I installed the pam_krb5 port (compiled with MIT Kerberos)
>and I'm trying to get it to generate a ticket file with sshd (with
>UsePrivilegeSeparation set to yes).
>I get authenticated fine into the system:
>
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_authenticate
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: allocating pam_krb5_state
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) dumping state
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: debug
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: use_first_pass
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: require_keytab
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: ccache=%u
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: success
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: resolve_principal: Success
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_krb5_get_authtok: no pre-existing password
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: krb5_get_init_creds_password: Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: pam_krb5_store_tgt: Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_krb5_verify_tgt: Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: result for user `geeb': Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_acct_mgmt
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) dumping state
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: debug
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: use_first_pass
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: require_keytab
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: ccache=%u
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: STATE_AUTH_COMPLETED
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ_name=`geeb@THUGSRUS.NET'
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ exists
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: ccache exists
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_acct_mgmt: result for user `geeb': Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) cleanup_state
>Oct 29 08:05:18 lart2 sshd[299]: Accepted keyboard-interactive/pam for geeb from 66.93.1.55 port 2142 ssh2
>
>But no ticket file:
>
>> klist
>klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_4465)
>
>Kerberos 4 ticket cache: /tmp/tkt4465
>klist: You have no tickets cached
>
>The line in /etc/pam.conf is:
>
>sshd auth required pam_krb5.so use_first_pass ccache=%u require_keytab debug

I had this kind of problem with pam_krb5 & login, and I resolved it by
moving pam_krb5 to be first in the PAM stack.

>
>I've generated a host/lart2.thugsrus.net and a sshd/lart.thugsrus.net key but
>to no avail.
>
>Any help is appreciated.
>
>--geeb
>
>--
>Mark Gebert geeb@thugsrus.org
>"It takes a Viking to raze a village!"
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message

--
Regards,
D. Penev
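
Added example, not part of either message: a Python script that groups the pam_krb5 debug lines quoted above by sshd PID, reports which PAM entry points were logged and with what result, and lists which of the standard post-authentication entry points (pam_sm_setcred, pam_sm_open_session) never appear. The sample is an excerpt of the log in the post; the names summarize, missing_post_auth and POST_AUTH are this example's own.

```python
import re

# Excerpt of the syslog lines quoted in the message above (not the full log).
SAMPLE_LOG = """\
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_authenticate
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: allocating pam_krb5_state
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: pam_krb5_store_tgt: Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: result for user `geeb': Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_acct_mgmt
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_acct_mgmt: result for user `geeb': Success
Oct 29 08:05:18 lart2 sshd[299]: Accepted keyboard-interactive/pam for geeb from 66.93.1.55 port 2142 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ENTRY = re.compile(r"\(pam_krb5\) initialize_method: (pam_sm_\w+)$")
RESULT = re.compile(r"\(pam_krb5\) (pam_sm_\w+): result for user `[^']*': (\w+)$")
ACCEPT = re.compile(r"Accepted (\S+) for (\S+) from ")
# Standard PAM service-module entry points that run after authentication.
POST_AUTH = ("pam_sm_setcred", "pam_sm_open_session")

def summarize(log_text):
    """Return {pid: {"phases": {entry_point: result}, "accepted": user or None}}."""
    pids = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rec = pids.setdefault(m["pid"], {"phases": {}, "accepted": None})
        msg = m["msg"]
        if (e := ENTRY.match(msg)):
            rec["phases"].setdefault(e[1], None)  # entered, no result seen yet
        elif (r := RESULT.match(msg)):
            rec["phases"][r[1]] = r[2]
        elif (a := ACCEPT.match(msg)):
            rec["accepted"] = a[2]
    return pids

def missing_post_auth(summary):
    """Entry points from POST_AUTH that no sshd process logged."""
    seen = {p for rec in summary.values() for p in rec["phases"]}
    return [p for p in POST_AUTH if p not in seen]

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for pid, rec in s.items():
        print(pid, rec["phases"], "accepted:", rec["accepted"])
    print("not logged:", missing_post_auth(s))
```

To run it against a live system, pass the contents of the file that receives sshd's syslog output to summarize() instead of SAMPLE_LOG.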