Where do you want me to get it from... I'll try anything.. hehehe..
If you have a tar archive, you can send it to me direct and I will
compile it up and try it..

See-ya
Mitch

At 09:44 AM 12/4/2001 -0500, you wrote:
>This is really weird. I'm not very familiar with the pam_krb5 at the
>head of the devl branch -- can you try an earlier version, the last one
>to which I (nmw) committed?
>
>Nico
>
>
>On Tue, Dec 04, 2001 at 08:15:02AM -0500, Mitchell Baker wrote:
> > Nico
> >
> > Ok... Added the "setcred_in_auth" and didn't seem to change the log at all..
> >
> > (login)
> >
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): entry:
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): exit: success
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 800047 auth.info] Accepted password for mdbaker from XXX.XXX.XXX.XXX port 35978 ssh2
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 993013 auth.debug] pam_sm_setcred(): no module data
> >
> >
> > (logout)
> >
> > Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] pam_setcred: error Permission denied
> >
> > No the cache file does not exist... One other interesting item... If it
> > does exist,
> > it gets deleted... That is not right... ;)
> >
> > See-ya
> > Mitch
> >
> >
> > At 11:08 AM 11/29/2001 -0500, you wrote:
> > >On Thu, Nov 29, 2001 at 09:18:33AM -0600, Steve Langasek wrote:
> > > > On Thu, Nov 29, 2001 at 09:50:51AM -0500, Mitchell Baker wrote:
> > > > > Authenticating but NOT setting up credential cache
> > > > > Solaris 8
> > > > > OpenSSH_3.0.1p1
> > > > > MIT KRB5 1.2.2
> > > > >
> > > > > The pam.conf is the same on both and so is the sshd_config
> > > > >
> > > > > Do have the debug option on with the pam_krb5. Here is more of the logs.
> > > > > With logout...
> > > > >
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): entry:
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): exit: success
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 800047 auth.info] Accepted password for mdbaker from xxx.xxx.xxx.xxx port 35740 ssh2
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > > > > Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug] pam_sm_setcred(): no module data
> > > > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > > > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Permission denied
> > > >
> > > > Hmm. Sounds like something has changed in OpenSSH 3.0.1p1 wrt the order
> > > > of setuid() and pam_setcred() calls.
> > >
> > >Indeed, it sounds that way.
> > >
> > > > Nico, is this our bug or theirs?
> > >
> > >Still looking. Remember, I don't use the latest pam_krb5, yet...
> > >
> > >Something looks off though, "... pam_sm_setcred(): no module data"... Is
> > >OpenSSH perhaps using a different pam handle for the setcred?
> > >
> > >Mitchell,
> > >
> > >Can you try adding the "setcred_in_auth" option to auth pam_krb5 line?
> > >
> > >Also, does a /tmp/krb5cc_<uid> already exist and is it owned by a user
> > >other than the user you're logging in as?
> > >
> > >
> > > > Steve Langasek
> > > > postmodern programmer
> > >
> > >
> > >Nico
> > >--
> > >
> > >Visit our website at http://www.ubswarburg.com
> > >
> > >This message contains confidential information and is intended only
> > >for the individual named. If you are not the named addressee you
> > >should not disseminate, distribute or copy this e-mail. Please
> > >notify the sender immediately by e-mail if you have received this
> > >e-mail by mistake and delete this e-mail from your system.
> > >
> > >E-mail transmission cannot be guaranteed to be secure or error-free
> > >as information could be intercepted, corrupted, lost, destroyed,
> > >arrive late or incomplete, or contain viruses. The sender therefore
> > >does not accept liability for any errors or omissions in the contents
> > >of this message which arise as a result of e-mail transmission. If
> > >verification is required please request a hard-copy version. This
> > >message is provided for informational purposes and should not be
> > >construed as a solicitation or offer to buy or sell any securities or
> > >related financial instruments.
> > >
> > >
> > >_______________________________________________
> > >
> > >Pam-list@redhat.com
> > >https://listman.redhat.com/mailman/listinfo/pam-list
> >
> > /####################################################################/
> > /# Mitchell "Buzz" Baker                "To Infinity And Beyond..." #/
> > /# Sr. Systems Admin            Rose-Hulman Institute of Technology #/
> > /# Mitchell.D.Baker@rose-hulman.edu             www.rose-hulman.edu #/
> > /# For PGP Public key, check out www.keyserver.net                  #/
> > /####################################################################/

/####################################################################/
/# Mitchell "Buzz" Baker                "To Infinity And Beyond..." #/
/# Sr. Systems Admin            Rose-Hulman Institute of Technology #/
/# Mitchell.D.Baker@rose-hulman.edu             www.rose-hulman.edu #/
/# For PGP Public key, check out www.keyserver.net                  #/
/####################################################################/
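
Added example, not part of the original thread: a small Python triage script for pam_krb5 debug logs like the ones quoted above. It groups records by sshd PID and flags sessions where pam_sm_authenticate succeeded but pam_sm_setcred failed, with the reason the module logged. The sample records are constructed from the log format in this thread (the second session and its user name are made up), and the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the unwrapped records quoted in the thread.
SAMPLE = """\
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 800047 auth.info] Accepted password for mdbaker from XXX.XXX.XXX.XXX port 35978 ssh2
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
Nov 29 11:29:40 SYSTEM sshd[501]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd alice): exit: success
Nov 29 11:29:40 SYSTEM sshd[501]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd alice): exit: success
"""

# <date> <host> sshd[pid]: [ID n fac.lvl] pam_krb5: <func>(<service> <user>): <detail>
RECORD = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+sshd\[(?P<pid>\d+)\]:\s+"
    r"\[ID \d+ \S+\]\s+pam_krb5:\s+(?P<func>pam_sm_\w+)"
    r"\((?P<svc>\S+) (?P<user>[^)]+)\):\s*(?P<detail>.*)$"
)

def find_setcred_failures(text):
    """Return sessions that authenticated but whose setcred call failed."""
    sessions = defaultdict(lambda: {"results": {}, "notes": defaultdict(list)})
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # non-pam_krb5 records (e.g. "Accepted password") are skipped
        s = sessions[(m["host"], m["pid"], m["user"])]
        detail = m["detail"].strip()
        if detail.startswith("exit:"):
            s["results"][m["func"]] = detail.split(":", 1)[1].strip()
        elif detail and not detail.startswith("entry"):
            s["notes"][m["func"]].append(detail)  # e.g. "chown(): Not owner"
    findings = []
    for (host, pid, user), s in sessions.items():
        r = s["results"]
        if r.get("pam_sm_authenticate") == "success" and r.get("pam_sm_setcred") == "failure":
            findings.append({"host": host, "pid": int(pid), "user": user,
                             "reasons": s["notes"]["pam_sm_setcred"]})
    return findings

if __name__ == "__main__":
    for f in find_setcred_failures(SAMPLE):
        print(f)
```

Records wrapped by a mail client, as in the quoted messages, need to be rejoined into one line per record before they are fed to the script.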