Re: strange errors from pam-krb5


 



This is really weird. I'm not very familiar with the pam_krb5 at the
head of the devl branch -- can you try an earlier version, the last one
to which I (nmw) committed?

Nico


On Tue, Dec 04, 2001 at 08:15:02AM -0500, Mitchell Baker wrote:
> Nico
> 
> Ok... Added the "setcred_in_auth" and didn't seem to change the log at all..
> 
> (login)
> 
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: 
> pam_sm_authenticate(sshd mdbaker): entry:
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: 
> pam_sm_authenticate(sshd mdbaker): exit: success
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5: 
> pam_sm_acct_mgmt(sshd mdbaker): entry:
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5: 
> pam_sm_acct_mgmt(sshd mdbaker): exit: success
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 800047 auth.info] Accepted password 
> for mdbaker from XXX.XXX.XXX.XXX port 35978 ssh2
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: 
> pam_sm_setcred(sshd mdbaker): entry:
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: 
> pam_sm_setcred(sshd mdbaker): chown(): Not owner
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: 
> pam_sm_setcred(sshd mdbaker): exit: failure
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 833576 auth.debug] pam_setcred: error 
> Error in underlying service module
> Nov 29 11:29:17 SYSTEM sshd[484]: [ID 993013 auth.debug] pam_sm_setcred(): 
> no module data
> 
> 
> (logout)
> 
> Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] pam_setcred: error 
> Error in underlying service module
> Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] pam_setcred: error 
> Permission denied
> 
> No, the cache file does not exist... One other interesting item... If it
> does exist, it gets deleted...  That is not right... ;)
> 
> See-ya
> Mitch
> 
> 
> At 11:08 AM 11/29/2001 -0500, you wrote:
> >On Thu, Nov 29, 2001 at 09:18:33AM -0600, Steve Langasek wrote:
> > > On Thu, Nov 29, 2001 at 09:50:51AM -0500, Mitchell Baker wrote:
> > > > Authenticating but NOT setting up credential cache
> > > > Solaris 8
> > > > OpenSSH_3.0.1p1
> > > > MIT KRB5 1.2.2
> > >
> > > > The pam.conf is the same on both and so is the sshd_config
> > >
> > > > Do have the debug option on with the pam_krb5. Here is more of the logs.
> > > > With logout...
> > >
> > > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5:
> > > > pam_sm_authenticate(sshd mdbaker): entry:
> > > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5:
> > > > pam_sm_authenticate(sshd mdbaker): exit: success
> > > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5:
> > > > pam_sm_acct_mgmt(sshd mdbaker): entry:
> > > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5:
> > > > pam_sm_acct_mgmt(sshd mdbaker): exit: success
> > > > Nov 29 08:04:26 system sshd[880]: [ID 800047 auth.info] Accepted password
> > > > for mdbaker from xxx.xxx.xxx.xxx port 35740 ssh2
> > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5:
> > > > pam_sm_setcred(sshd mdbaker): entry:
> > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5:
> > > > pam_sm_setcred(sshd mdbaker): chown(): Not owner
> > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5:
> > > > pam_sm_setcred(sshd mdbaker): exit: failure
> > > > Nov 29 08:04:26 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error
> > > > Error in underlying service module
> > > > Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug] pam_sm_setcred():
> > > > no module data
> > > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error
> > > > Error in underlying service module
> > > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error
> > > > Permission denied
> > >
> > > Hmm.  Sounds like something has changed in OpenSSH 3.0.1p1 wrt the order
> > > of setuid() and pam_setcred() calls.
> >
> >Indeed, it sounds that way.
> >
> > > Nico, is this our bug or theirs?
> >
> >Still looking. Remember, I don't use the latest pam_krb5, yet...
> >
> >Something looks off though, "... pam_sm_setcred(): no module data"... Is
> >OpenSSH perhaps using a different pam handle for the setcred?
> >
> >Mitchell,
> >
> >Can you try adding the "setcred_in_auth" option to auth pam_krb5 line?
> >
> >Also, does a /tmp/krb5cc_<uid> already exist and is it owned by a user
> >other than the user you're logging in as?
> >
> >
> > > Steve Langasek
> > > postmodern programmer
> >
> >
> >Nico
> >--
> >
> >Visit our website at http://www.ubswarburg.com
> >
> >This message contains confidential information and is intended only
> >for the individual named.  If you are not the named addressee you
> >should not disseminate, distribute or copy this e-mail.  Please
> >notify the sender immediately by e-mail if you have received this
> >e-mail by mistake and delete this e-mail from your system.
> >
> >E-mail transmission cannot be guaranteed to be secure or error-free
> >as information could be intercepted, corrupted, lost, destroyed,
> >arrive late or incomplete, or contain viruses.  The sender therefore
> >does not accept liability for any errors or omissions in the contents
> >of this message which arise as a result of e-mail transmission.  If
> >verification is required please request a hard-copy version.  This
> >message is provided for informational purposes and should not be
> >construed as a solicitation or offer to buy or sell any securities or
> >related financial instruments.
> >
> >
> >
> >_______________________________________________
> >
> >Pam-list@redhat.com
> >https://listman.redhat.com/mailman/listinfo/pam-list
> 
> /####################################################################/
> /# Mitchell "Buzz" Baker                "To Infinity And Beyond..." #/
> /# Sr. Systems Admin            Rose-Hulman Institute of Technology #/
> /# Mitchell.D.Baker@rose-hulman.edu             www.rose-hulman.edu #/
> /#         For PGP Public key, check out www.keyserver.net          #/
> /####################################################################/
> 
> 
> 
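Added example, not part of the original thread or of pam_krb5: a small triage script for the symptom reported above, where pam_krb5 authenticates the user but pam_sm_setcred then fails, so the session starts without a credential cache. The log text is constructed in the Solaris syslog format quoted in the thread; the function name, pid 512 and user "alice" are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted in the thread, with the
# mail-wrapped lines rejoined. The pid 512 / "alice" session is made up.
SAMPLE_LOG = """\
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 800047 auth.info] Accepted password for mdbaker from XXX.XXX.XXX.XXX port 35978 ssh2
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
Nov 29 11:31:02 SYSTEM sshd[512]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd alice): exit: success
Nov 29 11:31:02 SYSTEM sshd[512]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd alice): entry:
Nov 29 11:31:02 SYSTEM sshd[512]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd alice): exit: success
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) \w+\[(?P<pid>\d+)\]: "
    r"\[ID \d+ [\w.]+\] (?P<msg>.*)$")
KRB5_RE = re.compile(
    r"^pam_krb5: (?P<func>pam_sm_\w+)\(\S+ (?P<user>[^)]+)\): (?P<detail>.*)$")

def find_setcred_failures(log_text):
    """Return sessions where pam_krb5 authenticated a user but setcred failed."""
    sessions = defaultdict(lambda: {"auth_ok": False, "errors": []})
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        k = m and KRB5_RE.match(m["msg"])
        if not k:
            continue  # not a pam_krb5 debug line
        s = sessions[(m["host"], m["pid"])]
        func, detail = k["func"], k["detail"].strip()
        if func == "pam_sm_authenticate" and detail == "exit: success":
            s["auth_ok"] = True
        elif func == "pam_sm_setcred" and detail == "exit: failure":
            if s["auth_ok"]:
                findings.append({"host": m["host"], "pid": m["pid"],
                                 "user": k["user"], "reasons": list(s["errors"])})
            s["errors"] = []
        elif func == "pam_sm_setcred" and not detail.startswith(("entry:", "exit:")):
            s["errors"].append(detail)  # e.g. "chown(): Not owner"
    return findings

if __name__ == "__main__":
    for finding in find_setcred_failures(SAMPLE_LOG):
        print(finding)
```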




