Date: Sat, 6 Nov 2004 19:03:41 +0100 From: Dominik Epple <epple@tphys.physik.uni-tuebingen.de> To: freebsd-questions@freebsd.org Subject: About pam Message-ID: <20041106180341.GA22688@pion05.tphys.physik.uni-tuebingen.de>
next in thread | raw e-mail | index | archive | help
Hi list, I have a problem with pam. While trying to setup authentication against a kerberos server, I encountered the following problem. If I modify /etc/pam.d/login to look like (very minimalistic) auth required pam_unix.so debug account required pam_unix.so debug then login on the console (into an ordinary account in the /etc files) is (still) working properly. However, if I change the line auth required pam_unix.so debug to auth sufficient pam_unix.so debug auth required pam_deny.so debug which should be completely equivalent to the replaced line, login fails. In the log (/var/log/auth.log) I find Nov 6 18:44:59 daemon login: login on ttyv0 as dominik Nov 6 18:44:59 daemon login: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 9 Nov 6 18:44:59 daemon login: pam_setcred(): authentication error What is happening there? Am I doing something wrong? Or is this a bug? Regards, Dominik. PS. The system is freshly cvsup'd, compiled and installed. My supfile contains '*default release=cvs tag=RELENG_5_3_0_RELEASE'. 'uname -a' says 'FreeBSD daemon.intranet 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Sat Nov 6 16:50:02 CET 2004 root@daemon.intranet:/usr/obj/usr/src/sys/GENERIC i386'. --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041106180341.GA22688>