On Thu, Nov 29, 2001 at 09:50:51AM -0500, Mitchell Baker wrote: > Authenticating but NOT setting up credential cache > Solaris 8 > OpenSSH_3.0.1p1 > MIT KRB5 1.2.2 > The pam.conf is the same on both and so is the sshd_config > Do have the debug option on with the pam_krb5. Here is more of the logs. > With logout... > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: > pam_sm_authenticate(sshd mdbaker): entry: > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: > pam_sm_authenticate(sshd mdbaker): exit: success > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: > pam_sm_acct_mgmt(sshd mdbaker): entry: > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: > pam_sm_acct_mgmt(sshd mdbaker): exit: success > Nov 29 08:04:26 system sshd[880]: [ID 800047 auth.info] Accepted password > for mdbaker from xxx.xxx.xxx.xxx port 35740 ssh2 > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: > pam_sm_setcred(sshd mdbaker): entry: > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: > pam_sm_setcred(sshd mdbaker): chown(): Not owner > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: > pam_sm_setcred(sshd mdbaker): exit: failure > Nov 29 08:04:26 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error > Error in underlying service module > Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug] pam_sm_setcred(): > no module data > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error > Error in underlying service module > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error > Permission denied Hmm. Sounds like something has changed in OpenSSH 3.0.1p1 wrt the order of setuid() and pam_setcred() calls. Nico, is this our bug or theirs? Steve Langasek postmodern programmer
