Bug 108435 – krb5 logins fail

Bug 108435 - krb5 logins fail

Summary:	krb5 logins fail

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	krb5 (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Nalin Dahyabhai
QA Contact:	Brian Brock
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	CambridgeBlocker
	Show dependency tree / graph

Reported:	2003-10-29 10:26 EST by Michael K. Johnson
Modified:	2007-11-30 17:10 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2003-10-29 10:29:29 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Michael K. Johnson 2003-10-29 10:26:58 EST

I just updated yesterday (tue oct 28) to latest rawhide, and now only
local users can log in; users authenticated by kerberos cannot log in.

The login attempt looks like this:

$ ssh donal
johnsonm@[censored]'s password: 
Connection to [censored] closed by remote host.
Connection to [censored] closed.
$

/var/log/secure says:

sshd[10614]: Accepted password for [censored] from [censored] port [censored] ssh2
sshd[10616]: pam_krb5[10616]: default/local realm 'REDHAT.COM'
sshd[10616]: pam_krb5[10616]: configured realm 'REDHAT.COM'
sshd[10616]: pam_krb5[10616]: flags:
sshd[10616]: pam_krb5[10616]: flag: user_check
sshd[10616]: pam_krb5[10616]: flag: no krb4_convert
sshd[10616]: pam_krb5[10616]: flag: warn
sshd[10616]: pam_krb5[10616]: renewable lifetime: 0 
sshd[10616]: pam_krb5[10616]: banner: Kerberos 5
sshd[10616]: pam_krb5[10616]: ccache dir: /tmp
sshd[10616]: pam_krb5[10616]: keytab: /etc/krb5.keytab
sshd[10616]: pam_krb5[10616]: called to update credentials for '[censored]'
sshd[10616]: pam_krb5[10616]: _pam_krb5_sly_refresh returning 0 (Success)
sshd[10616]: fatal: PAM setcred failed[3]: Error in service module

/etc/pam.d/system-auth says:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore
system_err=ignore] /lib/security/$ISA/pam_krb5.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow nis
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so

# rpm -qa | grep krb5
krb5-devel-1.3.1-6
krb5-workstation-1.3.1-6
pam_krb5-2.0.4-1
krb5-libs-1.3.1-6

Comment 2 Michael K. Johnson 2003-10-29 10:29:29 EST

/dev/md1               4134832   4133572         0 100% /

Oops.

Note You need to log in before you can comment on or make changes to this bug.