Nico... I'm using the latest version from Openssh from the openssh site... Unzip, configure and make... My configure line just adds in support for pam install local dir and that is about it... Pretty simple configuration and install. Yes it is an interactive login.. The log shows it setting up the pty. I gain access.. the only thing that is not happening is the credential cache is not being saved to disk... It is authenticating to the KDC I can see that in the KDC logs.... The differences in the systems: Authenticating and setting up credential cache Solaris 8 Openssh 2.5.2p2 (one reason I'm trying to get the latest installed ) MIT KRB5 1.2.2 Authenticating but NOT setting up credential cache Solaris 8 OpenSSH_3.0.1p1 MIT KRB5 1.2.2 The pam.conf is the same on both and so is the sshd_config Do have the debug option on with the pam_krb5. Here is more of the logs. With logout... Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry: Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): entry: Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): exit: success Nov 29 08:04:26 system sshd[880]: [ID 800047 auth.info] Accepted password for mdbaker from xxx.xxx.xxx.xxx port 35740 ssh2 Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry: Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure Nov 29 08:04:26 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug] pam_sm_setcred(): no module data Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Permission denied When I turn on DEBUG for SSH you can also see the pty getting setup... Thanks See-ya Mitch At 03:10 PM 11/28/2001 -0500, you wrote: >Are you by any chance using an openssh kludged not to call pam_setcred >or something of the sort? > >Are you doing an interactive login (i.e., with a pty/tty)? > >Did you add the 'debug' to the pam_krb5 config lines? > >Nico > > >On Wed, Nov 28, 2001 at 01:25:08PM -0500, Mitchell Baker wrote: > > Background: > > > > Solaris 8 system which has had Titan run on it. Using the pam-krb5 > > module from Sourceforge. Will authenticate but will not create ticket > > cache.. Get this following error in the logs: > > > > Nov 27 16:46:51 SYSTEM sshd[644]: [ID 551190 auth.debug] pam_krb5: > > pam_sm_authenticate(sshd USERNAME): entry: > > Nov 27 16:46:51 SYSTEM sshd[644]: [ID 551190 auth.debug] pam_krb5: > > pam_sm_authenticate(sshd USERNAME): exit: success > > Nov 27 16:46:51 SYSTEM sshd[644]: [ID 800047 auth.debug] debug1: PAM > > Password authentication accepted for user "USERNAME" > > > > Any ideas? This is working on other system we have. The main diff is > > Titan was not run on them... > > > > Thanks.. > > > > See-ya > > Mitch > > > > > > /####################################################################/ > > /# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/ > > /# Sr. Systems Admin Rose-Hulman Institute of Technology #/ > > /# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/ > > /# For PGP Public key, check out www.keyserver.net #/ > > /####################################################################/ > > > > > > > > _______________________________________________ > > > > Pam-list@redhat.com > > https://listman.redhat.com/mailman/listinfo/pam-list >-- > >Visit our website at http://www.ubswarburg.com > >This message contains confidential information and is intended only >for the individual named. If you are not the named addressee you >should not disseminate, distribute or copy this e-mail. Please >notify the sender immediately by e-mail if you have received this >e-mail by mistake and delete this e-mail from your system. > >E-mail transmission cannot be guaranteed to be secure or error-free >as information could be intercepted, corrupted, lost, destroyed, >arrive late or incomplete, or contain viruses. The sender therefore >does not accept liability for any errors or omissions in the contents >of this message which arise as a result of e-mail transmission. If >verification is required please request a hard-copy version. This >message is provided for informational purposes and should not be >construed as a solicitation or offer to buy or sell any securities or >related financial instruments. > > > >_______________________________________________ > >Pam-list@redhat.com >https://listman.redhat.com/mailman/listinfo/pam-list /####################################################################/ /# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/ /# Sr. Systems Admin Rose-Hulman Institute of Technology #/ /# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/ /# For PGP Public key, check out www.keyserver.net #/ /####################################################################/
