Hey,

I have configured PAM for a system to allow people in a file in /etc/ to log in. This is similar to the realm kit configuration for those of you who are at NCSU and use realm linux (it's actually a copy of the file referred to by pam_stack.so).

Everything as far as allowing logins to users works fine; anyone in my file in /etc/ can log in. The root user can also log in. After a user that is disallowed from the system (not in my listfile but is a valid Kerberos user) attempts to log in and gets denied, a different valid new user cannot log in until the login program times out and restarts. I am baffled as to why this is happening.

The following are the contents of /etc/pam.d/login and the output from /var/log/auth.log:

auth sufficient pam_unix.so likeauth nullok debug
auth required pam_krb5.so use_first_pass debug
auth required pam_listfile.so item=user sense=allow file=/etc/users.local

account sufficient pam_unix.so debug
account required pam_deny.so debug

password sufficient pam_unix.so nullok use_authtok md5 shadow debug
password sufficient pam_krb5.so use_authtok debug
password required pam_deny.so debug

session required pam_limits.so debug
session required pam_unix.so debug
session optional pam_krb5.so debug

==== LOG ====

***THIS IS A VALID KERBEROS USER ATTEMPTING LOGIN ****
***THEY ARE NOT IN THE /etc/users.local file *********

Dec 8 15:47:25 fisher PAM_unix[21966]: authentication failure; root(uid=0) -> mppetrov for login service
Dec 8 15:47:25 fisher login[21966]: pam_krb5: pam_sm_authenticate(login mppetrov): entry:
Dec 8 15:47:25 fisher login[21966]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): No such file or directory
Dec 8 15:47:25 fisher login[21966]: pam_krb5: pam_sm_authenticate(login mppetrov): exit: success
Dec 8 15:47:25 fisher login[21966]: PAM-listfile: Refused user mppetrov for service login
Dec 8 15:47:28 fisher login[21966]: FAILED LOGIN (1) on `pts/3' FOR `mppetrov', Authentication failure

**** HERE IS THE ATTEMPT DIRECTLY AFTERWARDS TO TRY TO ALLOW ****
**** A VALID USER IN ALL ASPECTS TO LOGIN, HE CAN LOGIN NORMALLY ****
**** IF HE GOES FIRST *****

Dec 8 15:47:35 fisher PAM_unix[21966]: authentication failure; root(uid=0) -> waparris for login service
Dec 8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): entry:
Dec 8 15:47:35 fisher login[21966]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): No such file or directory
Dec 8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): pam_get_data(): ccache data already present
Dec 8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): exit: failure
Dec 8 15:47:37 fisher login[21966]: FAILED LOGIN (2) on `pts/3' FOR `waparris', Authentication failure

Any input is welcome here, as I am out of ideas.

Cheers,
--
Adam Parrish
Asst. Linux Administrator
ECE Dept, North Carolina State University
Office: 919.515.0124

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
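
The log sequence in the message above can be picked out of auth.log mechanically. The following Python is an added example, not part of the original message: it groups the pam_krb5 debug lines by login process and reports attempts that hit "ccache data already present" after a different user passed pam_krb5 in the same process. The function name and result layout are assumptions of this example; the sample lines are a subset of those quoted in the message.

```python
import re
from collections import defaultdict

# Subset of the auth.log lines quoted in the message above.
SAMPLE_LOG = """\
Dec 8 15:47:25 fisher login[21966]: pam_krb5: pam_sm_authenticate(login mppetrov): entry:
Dec 8 15:47:25 fisher login[21966]: pam_krb5: pam_sm_authenticate(login mppetrov): exit: success
Dec 8 15:47:25 fisher login[21966]: PAM-listfile: Refused user mppetrov for service login
Dec 8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): entry:
Dec 8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): pam_get_data(): ccache data already present
Dec 8 15:47:35 fisher login[21966]: pam_krb5: pam_sm_authenticate(login waparris): exit: failure
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+([^\s\[]+)\[(\d+)\]:\s+(.*)$")
KRB = re.compile(r"pam_krb5: pam_sm_authenticate\(\w+ (\S+?)\): (.*)")
REFUSED = re.compile(r"PAM-listfile: Refused user (\S+) for service")

def find_carryover_failures(log_text):
    """Return (pid, earlier_user, later_user, time, earlier_was_refused) for each
    attempt that failed with 'ccache data already present' after a different
    user's pam_krb5 success in the same login process (hypothetical helper)."""
    krb_ok = defaultdict(list)   # (host, pid) -> users pam_krb5 accepted
    refused = defaultdict(set)   # (host, pid) -> users pam_listfile refused
    pending = {}                 # (host, pid, user) -> time of the ccache message
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, host, _prog, pid, msg = m.groups()
        key = (host, pid)
        r = REFUSED.search(msg)
        if r:
            refused[key].add(r.group(1))
            continue
        k = KRB.search(msg)
        if not k:
            continue
        user, event = k.groups()
        if event == "exit: success":
            krb_ok[key].append(user)
        elif "ccache data already present" in event:
            pending[key + (user,)] = when
        elif event == "exit: failure" and key + (user,) in pending:
            seen_at = pending.pop(key + (user,))
            for earlier in krb_ok[key]:
                if earlier != user:
                    findings.append((int(pid), earlier, user, seen_at, earlier in refused[key]))
    return findings

if __name__ == "__main__":
    for finding in find_carryover_failures(SAMPLE_LOG):
        print(finding)
```
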