From owner-freebsd-questions@FreeBSD.ORG  Sat Nov  6 18:03:43 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 297C016A4CE
	for <freebsd-questions@freebsd.org>;
	Sat,  6 Nov 2004 18:03:43 +0000 (GMT)
Received: from pion19.tphys.physik.uni-tuebingen.de
	(pion19.tphys.physik.uni-tuebingen.de [134.2.78.142])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 37B0343D3F
	for <freebsd-questions@freebsd.org>;
	Sat,  6 Nov 2004 18:03:42 +0000 (GMT)
	(envelope-from epple@tphys.physik.uni-tuebingen.de)
Received: from pion05.tphys.physik.uni-tuebingen.de
	(pion05.tphys.physik.uni-tuebingen.de [134.2.78.200])
	id iA6I3fWu024238
	for <freebsd-questions@freebsd.org>; Sat, 6 Nov 2004 19:03:41 +0100
Received: from pion05.tphys.physik.uni-tuebingen.de (localhost [127.0.0.1])
	0.7) with ESMTP id iA6I3fCA022733
	for <freebsd-questions@freebsd.org>; Sat, 6 Nov 2004 19:03:41 +0100
Received: (from epple@localhost)iA6I3ftF022732
	for freebsd-questions@freebsd.org; Sat, 6 Nov 2004 19:03:41 +0100
Date: Sat, 6 Nov 2004 19:03:41 +0100
From: Dominik Epple <epple@tphys.physik.uni-tuebingen.de>
To: freebsd-questions@freebsd.org
Message-ID: <20041106180341.GA22688@pion05.tphys.physik.uni-tuebingen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Subject: About pam
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Nov 2004 18:03:43 -0000

Hi list,

I have a problem with pam. While trying to setup authentication against
a kerberos server, I encountered the following problem.

If I modify /etc/pam.d/login to look like (very minimalistic)

auth            required        pam_unix.so             debug
account         required        pam_unix.so             debug

then login on the console (into an ordinary account in the /etc files)
is (still) working properly. However, if I change the line

auth            required        pam_unix.so             debug

to

auth            sufficient      pam_unix.so             debug
auth            required        pam_deny.so             debug

which should be completely equivalent to the replaced line, login fails.
In the log (/var/log/auth.log) I find

Nov  6 18:44:59 daemon login: login on ttyv0 as dominik
Nov  6 18:44:59 daemon login: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 9
Nov  6 18:44:59 daemon login: pam_setcred(): authentication error

What is happening there? Am I doing something wrong? Or is this a bug?

Regards, Dominik.

PS. The system is freshly cvsup'd, compiled and installed.

My supfile contains '*default release=cvs tag=RELENG_5_3_0_RELEASE'.

'uname -a' says 'FreeBSD daemon.intranet 5.3-RELEASE FreeBSD
5.3-RELEASE #0: Sat Nov  6 16:50:02 CET 2004
root@daemon.intranet:/usr/obj/usr/src/sys/GENERIC  i386'.
--