Bug 108435 - krb5 logins fail
krb5 logins fail
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: krb5 (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks: CambridgeBlocker
  Show dependency treegraph
 
Reported: 2003-10-29 10:26 EST by Michael K. Johnson
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-10-29 10:29:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Michael K. Johnson 2003-10-29 10:26:58 EST
I just updated yesterday (tue oct 28) to latest rawhide, and now only
local users can log in; users authenticated by kerberos cannot log in.

The login attempt looks like this:

$ ssh donal
johnsonm@[censored]'s password: 
Connection to [censored] closed by remote host.
Connection to [censored] closed.
$

/var/log/secure says:

sshd[10614]: Accepted password for [censored] from [censored] port [censored] ssh2
sshd[10616]: pam_krb5[10616]: default/local realm 'REDHAT.COM'
sshd[10616]: pam_krb5[10616]: configured realm 'REDHAT.COM'
sshd[10616]: pam_krb5[10616]: flags:
sshd[10616]: pam_krb5[10616]: flag: user_check
sshd[10616]: pam_krb5[10616]: flag: no krb4_convert
sshd[10616]: pam_krb5[10616]: flag: warn
sshd[10616]: pam_krb5[10616]: renewable lifetime: 0 
sshd[10616]: pam_krb5[10616]: banner: Kerberos 5
sshd[10616]: pam_krb5[10616]: ccache dir: /tmp
sshd[10616]: pam_krb5[10616]: keytab: /etc/krb5.keytab
sshd[10616]: pam_krb5[10616]: called to update credentials for '[censored]'
sshd[10616]: pam_krb5[10616]: _pam_krb5_sly_refresh returning 0 (Success)
sshd[10616]: fatal: PAM setcred failed[3]: Error in service module

/etc/pam.d/system-auth says:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore
system_err=ignore] /lib/security/$ISA/pam_krb5.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow nis
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so

# rpm -qa | grep krb5
krb5-devel-1.3.1-6
krb5-workstation-1.3.1-6
pam_krb5-2.0.4-1
krb5-libs-1.3.1-6
Comment 2 Michael K. Johnson 2003-10-29 10:29:29 EST
/dev/md1               4134832   4133572         0 100% /

Oops.

Note You need to log in before you can comment on or make changes to this bug.