Date:      Wed, 30 Oct 2002 08:38:16 +0200
From:      "D. Penev" <dpenev@mail.bg>
To:        Mark A Gebert <geeb@thugsrus.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Kerberos5 PAM Question
Message-ID:  <20021030063816.GA244@earth.dpsca.bg>
In-Reply-To: <20021029131011.GH316@thugsrus.org>
References:  <20021029131011.GH316@thugsrus.org>

On Tue, Oct 29, 2002 at 08:10:11AM -0500, Mark A Gebert wrote:
>Date: Tue, 29 Oct 2002 08:10:11 -0500
>From: Mark A Gebert <geeb@thugsrus.org>
>To: questions@FreeBSD.org
>Subject: Kerberos5 PAM Question
>
>Under FreeBSD4.7, I installed the pam_krb5 port (compiled with MIT Kerberos)
>and I'm trying to get it to generate a ticket file with sshd (with 
>UsePrivilegeSeparation set to yes).  I get authenticated fine into the system:
>
>
>
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_authenticate
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: allocating pam_krb5_state
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) dumping state
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: debug
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: use_first_pass
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: require_keytab
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: ccache=%u
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: success
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: resolve_principal: Success
>Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_krb5_get_authtok: no pre-existing password
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: krb5_get_init_creds_password: Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: pam_krb5_store_tgt: Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_krb5_verify_tgt: Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: result for user `geeb': Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_acct_mgmt
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) dumping state
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: debug
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: use_first_pass
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: require_keytab
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: ccache=%u
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: STATE_AUTH_COMPLETED
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ_name=`geeb@THUGSRUS.NET'
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ exists
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: ccache exists
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_acct_mgmt: result for user `geeb': Success
>Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) cleanup_state
>Oct 29 08:05:18 lart2 sshd[299]: Accepted keyboard-interactive/pam for geeb from 66.93.1.55 port 2142 ssh2
>
>
>But no ticket file:
>
>
>> klist
>klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_4465)
>
>
>Kerberos 4 ticket cache: /tmp/tkt4465
>klist: You have no tickets cached
>
>
>The line in /etc/pam.conf is:
>
>sshd    auth    required        pam_krb5.so                     use_first_pass ccache=%u require_keytab debug

I had these kinds of problems with pam_krb5 & login, and I resolved them by
moving pam_krb5 to be first in the PAM stack.

>
>I've generated a host/lart2.thugsrus.net and a sshd/lart.thugsrus.net key but
>to no avail.
>
>Any help is appreciated.
>
>--geeb
>
>-- 
>Mark Gebert			geeb@thugsrus.org
>"It takes a Viking to raze a village!"
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message

-- 
Regards,
D. Penev
