From owner-freebsd-bugs@FreeBSD.ORG Mon Nov 21 07:30:12 2011
Resent-Date: Mon, 21 Nov 2011 07:30:12 GMT
Resent-Message-Id: <201111210730.pAL7UCXk038984@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Chris Telting
Message-Id: <201111210728.pAL7Scs3007880@red.freebsd.org>
Date: Mon, 21 Nov 2011 07:28:38 GMT
From: Chris Telting
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: misc/162715: pam_krb5 not storing tickets in /tmp
List-Id: Bug reports

>Number:         162715
>Category:       misc
>Synopsis:       pam_krb5 not storing tickets in /tmp
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 21 07:30:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Chris Telting
>Release:        8.2
>Organization:
>Environment:
FreeBSD cerberus.local 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Wed Oct 5 10:24:38 PDT 2011 Ghost@ares.local:/var/obj/src/fbsd/src/8.2/sys/BlueKernel i386
>Description:
pam_krb5 authenticates when I have it enabled in pam.d, but it fails before storing a ticket in /tmp.

I have tracked it down so far to pam_set_data/pam_get_data. Everything appears to be good and working in pam_sm_authenticate; I can pam_get_data after it's set perfectly fine. But in pam_sm_setcred in pam_krb5, which gets called after pam_sm_authenticate completes, pam_get_data fails to retrieve its ccache data and fails.

Now I'm stumped where to look.
>How-To-Repeat:
Set up Kerberos so you can kinit and kdestroy from a machine. Then on that machine enable Kerberos through:

	auth sufficient pam_krb5.so debug no_warn try_first_pass

Do this to login or ssh in the auth section. Use a different password for Kerberos so you know what is authenticating.

Use PAM_DEBUG versions of libpam.so.5 and pam_krb5.so.5 to see messages in /var/log/debug.log
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: