1. Normally you shouldn't need setcred_in_auth... 2. Yes, that version does not perform kdestroys... 3. Perhaps we can get Jacques Vidrine to help debugging the latest devl version. Hopefully I can dedicate some cycles to that soon. The latest version, IIRC, does support kdestroying ccaches. Jacques? Nico On Thu, Dec 06, 2001 at 03:55:17PM -0500, Mitchell Baker wrote: > Ok... Got the tar ball and compiled and running.. Little different behavior... > Thanks Nico... > > Here are the logs: > > Login: > > Dec 6 15:41:55 SYSTEM sshd[2113]: [ID 800047 auth.info] Could not reverse > map address xxx.xxx.xxx.xxx. > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 158254 auth.debug] auth: argument 1: > setcred_in_auth > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 869057 auth.debug] (pam_krb5) > pam_sm_authenticate: PAM_USER (mdbaker) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 574730 auth.debug] (pam_krb5) > pam_sm_authenticate: PAM_SERVICE (sshd) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 408845 auth.debug] (pam_krb5) > pam_sm_authenticate: entry > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 381229 auth.debug] (pam_krb5) > verify_krb_v5_tgt(): returning 1 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 925364 auth.debug] (pam_krb5) > pam_sm_authenticate: exit(success) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 102438 auth.notice] (pam_krb5) > pam_sm_authenticate: succeeded for user (mdbaker) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 623727 auth.debug] (pam_krb5) > pam_sm_acct_mgmt: PAM_USER (mdbaker) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 574390 auth.debug] (pam_krb5) > pam_sm_acct_mgmt: PAM_SERVICE (sshd) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 751197 auth.debug] (pam_krb5) > pam_sm_acct_mgmt: entry > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 536880 auth.notice] (pam_krb) > pam_sm_acct_mgmt: succeeded for user (mdbaker) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 367584 auth.debug] (pam_krb5) > pam_sm_acct_mgmt: exit(success) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 800047 auth.info] Accepted password > for mdbaker from 137.112.13.69 port 33048 ssh2 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 929540 auth.debug] (pam_krb5) > pam_sm_setcred: PAM_USER (mdbaker) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 655255 auth.debug] (pam_krb5) > pam_sm_setcred: PAM_SERVICE (sshd) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 494573 auth.debug] (pam_krb5) > pam_sm_setcred: entry > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 233121 auth.debug] (pam_krb5) > become_user(): current gid/egid: 0, 0 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 123252 auth.debug] (pam_krb5) > become_user(): current uid/euid: 0, 0 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 233121 auth.debug] (pam_krb5) > become_user(): current gid/egid: 0, 15 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 123252 auth.debug] (pam_krb5) > become_user(): current uid/euid: 0, 10755 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 908503 auth.debug] (pam_krb5) > pam_sm_setcred: exit(success) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 578978 auth.notice] (pam_krb5) > pam_sm_setcred: succeeded for user (mdbaker) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 829810 auth.debug] (pam_krb5) > unbecome_user(): current gid/egid: 0, 15 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 870736 auth.debug] (pam_krb5) > unbecome_user(): doing setregid(0, 0) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 829810 auth.debug] (pam_krb5) > unbecome_user(): current gid/egid: 0, 0 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 719941 auth.debug] (pam_krb5) > unbecome_user(): current uid/euid: 0, 10755 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 200131 auth.debug] (pam_krb5) > unbecome_user(): doing setreuid(0, 0) > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 719941 auth.debug] (pam_krb5) > unbecome_user(): current uid/euid: 0, 0 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 372751 auth.debug] (pam_krb5) > unbecome_user(): returning 0 > Dec 6 15:41:58 SYSTEM sshd[2113]: [ID 993013 auth.debug] pam_sm_setcred(): > no module data > > Logout > > Dec 6 15:42:19 SYSTEM sshd[2113]: [ID 833576 auth.debug] pam_setcred: > error Error in underlying service module > Dec 6 15:42:19 SYSTEM sshd[2113]: [ID 833576 auth.debug] pam_setcred: > error Permission denied > Dec 6 15:42:19 SYSTEM sshd[2113]: [ID 693134 auth.debug] (pam_krb5) > cleanup_ccache > Dec 6 15:42:19 SYSTEM sshd[2113]: [ID 606873 auth.debug] (pam_krb5) > cleanup_ccache done > > > A Credential cache is created now and it has the right ownership now.. But > is not deleted > and the pam_aklog is not being processed.... > > See-ya > Mitch > > > At 03:31 PM 12/4/2001 -0500, you wrote: > >I'm sending a tar ball to you now. > > /####################################################################/ > /# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/ > /# Sr. Systems Admin Rose-Hulman Institute of Technology #/ > /# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/ > /# For PGP Public key, check out www.keyserver.net #/ > /####################################################################/ > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list -- Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
