Re: strange errors from pam-krb5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



For me a tar ball from you would be eaiser...

See-ya
Mitch


At 10:41 AM 12/4/2001 -0500, you wrote:
>You can use CVS from SourceForge -- if not, I'll send you a tar ball...
>
>Nico
>
>
>On Tue, Dec 04, 2001 at 10:34:40AM -0500, Mitchell Baker wrote:
> > Where do you want me to get it from...  I'll try anything.. hehehe..
> > If you have a tar archive, you can send it to me direct and I will
> > compile it up and try it..
> >
> > See-ya
> > Mitch
> >
> >
> >
> > At 09:44 AM 12/4/2001 -0500, you wrote:
> > >This is really weird. I'm not very familiar with the pam_krb5 at the
> > >head of the devl branch -- can you try an earlier version, the last one
> > >to which I (nmw) committed?
> > >
> > >Nico
> > >
> > >
> > >On Tue, Dec 04, 2001 at 08:15:02AM -0500, Mitchell Baker wrote:
> > > > Nico
> > > >
> > > > Ok... Added the "setcred_in_auth" and didn't seem to change the log at
> > > all..
> > > >
> > > > (login)
> > > >
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5:
> > > > pam_sm_authenticate(sshd mdbaker): entry:
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 551190 auth.debug] pam_krb5:
> > > > pam_sm_authenticate(sshd mdbaker): exit: success
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5:
> > > > pam_sm_acct_mgmt(sshd mdbaker): entry:
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 248316 auth.debug] pam_krb5:
> > > > pam_sm_acct_mgmt(sshd mdbaker): exit: success
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 800047 auth.info] Accepted 
> password
> > > > for mdbaker from XXX.XXX.XXX.XXX port 35978 ssh2
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5:
> > > > pam_sm_setcred(sshd mdbaker): entry:
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5:
> > > > pam_sm_setcred(sshd mdbaker): chown(): Not owner
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 843472 auth.debug] pam_krb5:
> > > > pam_sm_setcred(sshd mdbaker): exit: failure
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 833576 auth.debug] pam_setcred:
> > > error
> > > > Error in underlying service module
> > > > Nov 29 11:29:17 SYSTEM sshd[484]: [ID 993013 auth.debug] 
> pam_sm_setcred():
> > > > no module data
> > > >
> > > >
> > > > (logout)
> > > >
> > > > Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] 
> pam_setcred: error
> > > > Error in underlying service module
> > > > Nov 29 11:29:26 joint sshd[484]: [ID 833576 auth.debug] 
> pam_setcred: error
> > > > Permission denied
> > > >
> > > > No the cache file does not exist... One other interesting item... If it
> > > > does exist,
> > > > it gets deleted...  That is not right... ;)
> > > >
> > > > See-ya
> > > > Mitch
> > > >
> > > >
> > > > At 11:08 AM 11/29/2001 -0500, you wrote:
> > > > >On Thu, Nov 29, 2001 at 09:18:33AM -0600, Steve Langasek wrote:
> > > > > > On Thu, Nov 29, 2001 at 09:50:51AM -0500, Mitchell Baker wrote:
> > > > > > > Authenticating but NOT setting up credential cache
> > > > > > > Solaris 8
> > > > > > > OpenSSH_3.0.1p1
> > > > > > > MIT KRB5 1.2.2
> > > > > >
> > > > > > > The pam.conf is the same on both and so is the sshd_config
> > > > > >
> > > > > > > Do have the debug option on with the pam_krb5. Here is more of
> > > the logs.
> > > > > > > With logout...
> > > > > >
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] 
> pam_krb5:
> > > > > > > pam_sm_authenticate(sshd mdbaker): entry:
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 551190 auth.debug] 
> pam_krb5:
> > > > > > > pam_sm_authenticate(sshd mdbaker): exit: success
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] 
> pam_krb5:
> > > > > > > pam_sm_acct_mgmt(sshd mdbaker): entry:
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 248316 auth.debug] 
> pam_krb5:
> > > > > > > pam_sm_acct_mgmt(sshd mdbaker): exit: success
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 800047 auth.info] Accepted
> > > > > password
> > > > > > > for mdbaker from xxx.xxx.xxx.xxx port 35740 ssh2
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] 
> pam_krb5:
> > > > > > > pam_sm_setcred(sshd mdbaker): entry:
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] 
> pam_krb5:
> > > > > > > pam_sm_setcred(sshd mdbaker): chown(): Not owner
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 843472 auth.debug] 
> pam_krb5:
> > > > > > > pam_sm_setcred(sshd mdbaker): exit: failure
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 833576 auth.debug]
> > > pam_setcred:
> > > > > error
> > > > > > > Error in underlying service module
> > > > > > > Nov 29 08:04:26 system sshd[880]: [ID 993013 auth.debug]
> > > > > pam_sm_setcred():
> > > > > > > no module data
> > > > > > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug]
> > > pam_setcred:
> > > > > error
> > > > > > > Error in underlying service module
> > > > > > > Nov 29 08:04:44 system sshd[880]: [ID 833576 auth.debug]
> > > pam_setcred:
> > > > > error
> > > > > > > Permission denied
> > > > > >
> > > > > > Hmm.  Sounds like something has changed in OpenSSH 3.0.1p1 wrt the
> > > order
> > > > > > of setuid() and pam_setcred() calls.
> > > > >
> > > > >Indeed, it sounds that way.
> > > > >
> > > > > > Nico, is this our bug or theirs?
> > > > >
> > > > >Still looking. Remember, I don't use the latest pam_krb5, yet...
> > > > >
> > > > >Something looks off though, "... pam_sm_setcred(): no module 
> data"... Is
> > > > >OpenSSH perhaps using a different pam handle for the setcred?
> > > > >
> > > > >Mitchell,
> > > > >
> > > > >Can you try adding the "setcred_in_auth" option to auth pam_krb5 line?
> > > > >
> > > > >Also, does a /tmp/krb5cc_<uid> already exist and is it owned by a user
> > > > >other than the user you're logging in as?
> > > > >
> > > > >
> > > > > > Steve Langasek
> > > > > > postmodern programmer
> > > > >
> > > > >
> > > > >Nico
> > > > >--
> > > > >
> > > > >Visit our website at http://www.ubswarburg.com
> > > > >
> > > > >This message contains confidential information and is intended only
> > > > >for the individual named.  If you are not the named addressee you
> > > > >should not disseminate, distribute or copy this e-mail.  Please
> > > > >notify the sender immediately by e-mail if you have received this
> > > > >e-mail by mistake and delete this e-mail from your system.
> > > > >
> > > > >E-mail transmission cannot be guaranteed to be secure or error-free
> > > > >as information could be intercepted, corrupted, lost, destroyed,
> > > > >arrive late or incomplete, or contain viruses.  The sender therefore
> > > > >does not accept liability for any errors or omissions in the contents
> > > > >of this message which arise as a result of e-mail transmission.  If
> > > > >verification is required please request a hard-copy version.  This
> > > > >message is provided for informational purposes and should not be
> > > > >construed as a solicitation or offer to buy or sell any securities or
> > > > >related financial instruments.
> > > > >
> > > > >
> > > > >
> > > > >_______________________________________________
> > > > >
> > > > >Pam-list@redhat.com
> > > > >https://listman.redhat.com/mailman/listinfo/pam-list
> > > >
> > > > /####################################################################/
> > > > /# Mitchell "Buzz" Baker                "To Infinity And Beyond..." #/
> > > > /# Sr. Systems Admin            Rose-Hulman Institute of Technology #/
> > > > /# Mitchell.D.Baker@rose-hulman.edu             www.rose-hulman.edu #/
> > > > /#         For PGP Public key, check out www.keyserver.net          #/
> > > > /####################################################################/
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > 
> > > > Pam-list@redhat.com
> > > > https://listman.redhat.com/mailman/listinfo/pam-list
> > >--
> > >
> > >Visit our website at http://www.ubswarburg.com
> > >
> > >This message contains confidential information and is intended only
> > >for the individual named.  If you are not the named addressee you
> > >should not disseminate, distribute or copy this e-mail.  Please
> > >notify the sender immediately by e-mail if you have received this
> > >e-mail by mistake and delete this e-mail from your system.
> > >
> > >E-mail transmission cannot be guaranteed to be secure or error-free
> > >as information could be intercepted, corrupted, lost, destroyed,
> > >arrive late or incomplete, or contain viruses.  The sender therefore
> > >does not accept liability for any errors or omissions in the contents
> > >of this message which arise as a result of e-mail transmission.  If
> > >verification is required please request a hard-copy version.  This
> > >message is provided for informational purposes and should not be
> > >construed as a solicitation or offer to buy or sell any securities or
> > >related financial instruments.
> > >
> > >
> > >
> > >_______________________________________________
> > >
> > >Pam-list@redhat.com
> > >https://listman.redhat.com/mailman/listinfo/pam-list
> >
> > /####################################################################/
> > /# Mitchell "Buzz" Baker                "To Infinity And Beyond..." #/
> > /# Sr. Systems Admin            Rose-Hulman Institute of Technology #/
> > /# Mitchell.D.Baker@rose-hulman.edu             www.rose-hulman.edu #/
> > /#         For PGP Public key, check out www.keyserver.net          #/
> > /####################################################################/
> >
> >
> >
> > _______________________________________________
> > 
> > Pam-list@redhat.com
> > https://listman.redhat.com/mailman/listinfo/pam-list
>--
>
>Visit our website at http://www.ubswarburg.com
>
>This message contains confidential information and is intended only
>for the individual named.  If you are not the named addressee you
>should not disseminate, distribute or copy this e-mail.  Please
>notify the sender immediately by e-mail if you have received this
>e-mail by mistake and delete this e-mail from your system.
>
>E-mail transmission cannot be guaranteed to be secure or error-free
>as information could be intercepted, corrupted, lost, destroyed,
>arrive late or incomplete, or contain viruses.  The sender therefore
>does not accept liability for any errors or omissions in the contents
>of this message which arise as a result of e-mail transmission.  If
>verification is required please request a hard-copy version.  This
>message is provided for informational purposes and should not be
>construed as a solicitation or offer to buy or sell any securities or
>related financial instruments.
>
>
>
>_______________________________________________
>
>Pam-list@redhat.com
>https://listman.redhat.com/mailman/listinfo/pam-list

/####################################################################/
/# Mitchell "Buzz" Baker                "To Infinity And Beyond..." #/
/# Sr. Systems Admin            Rose-Hulman Institute of Technology #/
/# Mitchell.D.Baker@rose-hulman.edu             www.rose-hulman.edu #/
/#         For PGP Public key, check out www.keyserver.net          #/
/####################################################################/





[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux