LinuxQuestions.org


nilecirb 07-29-2005 11:06 PM

pam_krb5.so fails to retrieve ticket
 
Currently I am setting up a group of Linux machines, and I have successfully configured Samba and PAM to authenticate users who log in to Linux against the Windows Active Directory of users. Furthermore, Kerberos works to the extent that I can kinit, successfully retrieve a ticket, and smbmount with it. I discovered that typing in the password twice (once for login, another to kinit) became tedious after constant use. However, I just recently discovered that there was a module named pam_krb5.so that supposedly could retrieve a ticket on login. No matter how I tried configuring it, it would not work properly.

The following is /etc/pam.d/login (sans header):
Code:

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so
auth        required      /lib/security/pam_krb5.so use_first_pass creds

account    sufficient    /lib/security/pam_winbind.so
account    required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session    required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077
session    required      /lib/security/pam_limits.so
session    required      /lib/security/pam_unix.so

I'm not positive if this is relevant to this module, but when a user logs in, the username format is in DOMAIN+username. However, for kinit to work, the username must be username@DOMAIN.TLD. Would I need additional tweaking to get pam_krb5.so to work?

For those that have experience with this module, am I correct in assuming that it does in fact retrieve a ticket on login? Any help would be greatly appreciated. Thanks in advance.
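
An added example, not part of the original post: a simplified Python model of the Linux-PAM control flags (required, requisite, sufficient, optional) walked over the auth lines posted above, reporting which modules are invoked when pam_winbind.so accepts the password. The per-module outcomes are constructed inputs, the function names are hypothetical, and the bracketed `[value=action]` control syntax is not modelled.

```python
# Added example: simplified model of Linux-PAM control flags for one stack.
# Module outcomes are constructed inputs, not captured from a real login.

POSTED_AUTH_STACK = """\
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so
auth        required      /lib/security/pam_krb5.so use_first_pass creds
"""

def parse_stack(text, facility="auth"):
    """Return [(control, module_name, args)] for one facility."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != facility:
            continue
        entries.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return entries

def walk_stack(entries, outcomes):
    """Simulate the stack; outcomes maps module name -> True (success) / False.
    Returns (overall_success, modules_invoked_in_order)."""
    invoked, required_failed, any_success = [], False, False
    for control, module, _args in entries:
        invoked.append(module)
        ok = outcomes.get(module, False)
        if control == "requisite" and not ok:
            return False, invoked          # fail immediately
        if control == "required" and not ok:
            required_failed = True         # remember the failure, keep walking
        if control == "sufficient" and ok and not required_failed:
            return True, invoked           # success ends the stack here
        if ok and control in ("required", "requisite"):
            any_success = True
    return (any_success and not required_failed), invoked

def ad_user_login():
    """Constructed scenario: an AD user whose password winbind accepts."""
    outcomes = {"pam_env.so": True, "pam_winbind.so": True,
                "pam_unix.so": False, "pam_deny.so": False, "pam_krb5.so": True}
    return walk_stack(parse_stack(POSTED_AUTH_STACK), outcomes)

if __name__ == "__main__":
    ok, invoked = ad_user_login()
    print("login ok:", ok, "| modules invoked:", invoked)
```

In this model a successful `sufficient` module ends the auth stack, so any module listed after it is not called for that login.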


All times are GMT -5.