You can use CVS from SourceForge -- if not, I'll send you a tar ball...

Nico

On Tue, Dec 04, 2001 at 10:34:40AM -0500, Mitchell Baker wrote:
> Where do you want me to get it from... I'll try anything.. hehehe..
> If you have a tar archive, you can send it to me direct and I will
> compile it up and try it..
>
> See-ya
> Mitch
>
> At 09:44 AM 12/4/2001 -0500, you wrote:
> >This is really weird. I'm not very familiar with the pam_krb5 at the
> >head of the devl branch -- can you try an earlier version, the last one
> >to which I (nmw) committed?
> >
> >Nico
> >
> >On Tue, Dec 04, 2001 at 08:15:02AM -0500, Mitchell Baker wrote:
> > > Nico
> > >
> > > Ok... Added the "setcred_in_auth" and didn't seem to change the log at all..
> > >
> > > (login)
> > >
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): entry:
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): exit: success
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 800047 auth.info] Accepted password for mdbaker from XXX.XXX.XXX.XXX port 35978 ssh2
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 993013 auth.debug] pam_sm_setcred(): no module data
> > >
> > > (logout)
> > >
> > > Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > > Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] pam_setcred: error Permission denied
> > >
> > > No the cache file does not exist... One other interesting item... If it
> > > does exist,
> > > it gets deleted... That is not right... ;)
> > >
> > > See-ya
> > > Mitch
> > >
> > > At 11:08 AM 11/29/2001 -0500, you wrote:
> > > >On Thu, Nov 29, 2001 at 09:18:33AM -0600, Steve Langasek wrote:
> > > > > On Thu, Nov 29, 2001 at 09:50:51AM -0500, Mitchell Baker wrote:
> > > > > > Authenticating but NOT setting up credential cache
> > > > > > Solaris 8
> > > > > > OpenSSH_3.0.1p1
> > > > > > MIT KRB5 1.2.2
> > > > >
> > > > > > The pam.conf is the same on both and so is the sshd_config
> > > > >
> > > > > > Do have the debug option on with the pam_krb5. Here is more of the logs.
> > > > > > With logout...
> > > > >
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): entry:
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] pam_krb5: pam_sm_acct_mgmt(sshd mdbaker): exit: success
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 800047 auth.info] Accepted password for mdbaker from xxx.xxx.xxx.xxx port 35740 ssh2
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > > > > > Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug] pam_sm_setcred(): no module data
> > > > > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Error in underlying service module
> > > > > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug] pam_setcred: error Permission denied
> > > > >
> > > > > Hmm. Sounds like something has changed in OpenSSH 3.0.1p1 wrt the order
> > > > > of setuid() and pam_setcred() calls.
> > > >
> > > >Indeed, it sounds that way.
> > > >
> > > > > Nico, is this our bug or theirs?
> > > >
> > > >Still looking. Remember, I don't use the latest pam_krb5, yet...
> > > >
> > > >Something looks off though, "... pam_sm_setcred(): no module data"... Is
> > > >OpenSSH perhaps using a different pam handle for the setcred?
> > > >
> > > >Mitchell,
> > > >
> > > >Can you try adding the "setcred_in_auth" option to auth pam_krb5 line?
> > > >
> > > >Also, does a /tmp/krb5cc_<uid> already exist and is it owned by a user
> > > >other than the user you're logging in as?
> > > >
> > > > > Steve Langasek
> > > > > postmodern programmer
> > > >
> > > >Nico
> > > >--
> > > >
> > > >Visit our website at http://www.ubswarburg.com
> > > >
> > > >This message contains confidential information and is intended only
> > > >for the individual named. If you are not the named addressee you
> > > >should not disseminate, distribute or copy this e-mail. Please
> > > >notify the sender immediately by e-mail if you have received this
> > > >e-mail by mistake and delete this e-mail from your system.
> > > >
> > > >E-mail transmission cannot be guaranteed to be secure or error-free
> > > >as information could be intercepted, corrupted, lost, destroyed,
> > > >arrive late or incomplete, or contain viruses. The sender therefore
> > > >does not accept liability for any errors or omissions in the contents
> > > >of this message which arise as a result of e-mail transmission. If
> > > >verification is required please request a hard-copy version. This
> > > >message is provided for informational purposes and should not be
> > > >construed as a solicitation or offer to buy or sell any securities or
> > > >related financial instruments.
> > > >
> > > >_______________________________________________
> > > >
> > > >Pam-list@redhat.com
> > > >https://listman.redhat.com/mailman/listinfo/pam-list
> > >
> > > /####################################################################/
> > > /# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/
> > > /# Sr. Systems Admin Rose-Hulman Institute of Technology #/
> > > /# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/
> > > /# For PGP Public key, check out www.keyserver.net #/
> > > /####################################################################/
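
Added example, not part of the original thread or of pam_krb5/OpenSSH: a Python triage pass over Solaris-style syslog that flags logins where pam_krb5 authenticated the user but pam_sm_setcred failed, which is the "no credential cache" symptom reported above. The names `triage`, `LINE`, `STAGE` and `SAMPLE` are hypothetical; the pid 484 lines are the thread's own log entries (unwrapped), and the pid 512 session is constructed for contrast.

```python
import re
from collections import defaultdict

# Solaris 8 syslog layout as it appears in the thread:
#   "Mon DD HH:MM:SS host prog[pid]: [ID n facility.level] message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<prog>\w+)\[(?P<pid>\d+)\]: "
                  r"\[ID \d+ \w+\.\w+\] (?P<msg>.*)$")
# pam_krb5 debug message: "pam_krb5: pam_sm_<stage>(<service> <user>): <detail>"
STAGE = re.compile(r"^pam_krb5: pam_sm_(?P<stage>\w+)\((?P<svc>\S+) (?P<user>\S+)\): "
                   r"(?P<detail>.*)$")

# pid 484: lines quoted in the thread. pid 512: constructed healthy login.
SAMPLE = """\
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd mdbaker): exit: success
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 800047 auth.info] Accepted password for mdbaker from XXX.XXX.XXX.XXX port 35978 ssh2
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): entry:
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): chown(): Not owner
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd mdbaker): exit: failure
Nov 29 11:29:17 SYSTEM sshd[484]: [ID 993013 auth.debug] pam_sm_setcred(): no module data
Nov 29 11:31:02 SYSTEM sshd[512]: [ID 551190 auth.debug] pam_krb5: pam_sm_authenticate(sshd alice): exit: success
Nov 29 11:31:02 SYSTEM sshd[512]: [ID 843472 auth.debug] pam_krb5: pam_sm_setcred(sshd alice): exit: success
"""

def triage(text):
    """Return sessions, keyed by (host, pid), that authenticated but failed setcred."""
    sessions = defaultdict(lambda: {"user": None, "result": {}, "errors": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        s = m and STAGE.match(m["msg"])
        if not s:
            continue  # not a pam_krb5 per-stage debug line
        rec = sessions[(m["host"], int(m["pid"]))]
        rec["user"] = s["user"]
        detail = s["detail"].strip()
        if detail.startswith("exit:"):
            # Final outcome of this PAM stage for this sshd process
            rec["result"][s["stage"]] = detail.split(":", 1)[1].strip()
        elif not detail.startswith("entry:"):
            # Anything between entry and exit is the module's stated reason
            rec["errors"].append((s["stage"], detail))
    return {k: v for k, v in sessions.items()
            if v["result"].get("authenticate") == "success"
            and v["result"].get("setcred") == "failure"}

if __name__ == "__main__":
    for (host, pid), rec in triage(SAMPLE).items():
        print(host, pid, rec["user"], rec["errors"])
```

Each hit is a login that was accepted without a usable Kerberos credential cache, and the recorded detail gives the reason the module logged.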