Bug 108435 - krb5 logins fail
Summary: krb5 logins fail
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5   
(Show other bugs)
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Depends On:
Blocks: CambridgeBlocker
TreeView+ depends on / blocked
Reported: 2003-10-29 15:26 UTC by Michael K. Johnson
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-10-29 15:29:29 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Michael K. Johnson 2003-10-29 15:26:58 UTC
I just updated yesterday (tue oct 28) to latest rawhide, and now only
local users can log in; users authenticated by kerberos cannot log in.

The login attempt looks like this:

$ ssh donal
johnsonm@[censored]'s password: 
Connection to [censored] closed by remote host.
Connection to [censored] closed.

/var/log/secure says:

sshd[10614]: Accepted password for [censored] from [censored] port [censored] ssh2
sshd[10616]: pam_krb5[10616]: default/local realm 'REDHAT.COM'
sshd[10616]: pam_krb5[10616]: configured realm 'REDHAT.COM'
sshd[10616]: pam_krb5[10616]: flags:
sshd[10616]: pam_krb5[10616]: flag: user_check
sshd[10616]: pam_krb5[10616]: flag: no krb4_convert
sshd[10616]: pam_krb5[10616]: flag: warn
sshd[10616]: pam_krb5[10616]: renewable lifetime: 0 
sshd[10616]: pam_krb5[10616]: banner: Kerberos 5
sshd[10616]: pam_krb5[10616]: ccache dir: /tmp
sshd[10616]: pam_krb5[10616]: keytab: /etc/krb5.keytab
sshd[10616]: pam_krb5[10616]: called to update credentials for '[censored]'
sshd[10616]: pam_krb5[10616]: _pam_krb5_sly_refresh returning 0 (Success)
sshd[10616]: fatal: PAM setcred failed[3]: Error in service module

/etc/pam.d/system-auth says:

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore
system_err=ignore] /lib/security/$ISA/pam_krb5.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow nis
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so

# rpm -qa | grep krb5

Comment 2 Michael K. Johnson 2003-10-29 15:29:29 UTC
/dev/md1               4134832   4133572         0 100% /


Note You need to log in before you can comment on or make changes to this bug.