Bug 240338 - Users immediately kicked out after pam_krb5 authentication
Summary: Users immediately kicked out after pam_krb5 authentication
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam_krb5   
(Show other bugs)
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-05-16 16:25 UTC by Norman Elton
Modified: 2009-03-28 02:23 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-28 02:23:31 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Norman Elton 2007-05-16 16:25:38 UTC
Description of problem:

I have installed RHEL5 on a test system, and am authenticating users that are
stored in an LDAP database via Kerberos.

Local accounts (such as root) can login without a problem. Accounts stored in
the LDAP/Kerberos database are having trouble. They can occassionally login
fine. More often than not, once they hit a bash prompt, they are immediately
kicked back to the login prompt. It's like bash is crashing.

Regardless of whether they can successfully get to a bash prompt or not, I see
the following errors in my /var/log/secure file:

May 15 15:57:00 localhost login: pam_unix(login:auth): authentication failure;
logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=testuser
May 15 15:57:00 localhost login: pam_krb5[3659]: authentication succeeds for
'testuser' ( testuser@KRBDOMAIN)
May 15 15:57:00 localhost login: pam_unix(login:session): session opened for
user testuser by LOGIN(uid=0)
May 15 15:57:00 localhost login: pam_selinux(login:session): Warning!  Could not
get new context for /dev/tty1, not relabeling: Invalid argument
May 15 15:57:00 localhost login: pam_selinux(login:session): usercon=(null),
prev_context=system_u:object_r:tty_device_t
May 15 15:57:00 localhost login: LOGIN ON tty1 BY testuser
May 15 15:57:00 rheltest login: pam_unix(login:session): session closed for user
testuser 

I have put selinux into permissive mode, and still get the same log entries and
the same symptoms. I suspect this is a PAM/Kerberos issue more than an selinux
issue.

Thoughts? Is there a bug with pam_krb5, or is there something else that could be
causing this behavior? It's especially bizarre that the behavior is unpredictable.

Thanks

Norman

Comment 1 Norman Elton 2007-05-16 18:27:15 UTC
To further test this, I've taken LDAP out of the loop. A local user who is
authenticated via Kerberos is immediately kicked back to the login prompt about
50% of the time. A local user with a local password does not have any problems.

Comment 2 Subhendu Ghosh 2009-03-28 02:23:31 UTC
If this is a support issue on RHEL, please contact support at:
https://www.redhat.com/support/process/production

Bugzilla is not a  customer support vehicle.


Note You need to log in before you can comment on or make changes to this bug.