LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-29-2005, 11:06 PM   #1
nilecirb
LQ Newbie
 
Registered: Jul 2005
Posts: 21

Rep: Reputation: 15
pam_krb5.so fails to retreive ticket


Currently I am setting up a group of Linux machines, and I have successfully configured Samba and PAM to authenticate users that login to Linux against the Windows Active Directory of users. Furthermore, Kerberos works to the extent that I can kinit, successfully retrieve a ticket, and smbmount with it. I discovered that typing in the password twice (once for login, another to kinit) became tedious after constant use. However, I just recently discovered that there was a module named pam_krb5.so that supposedly could retrieve a ticket on login. No matter how I tried configuring it, it would not work properly.

The following is /etc/pam.d/login (sans header):
Code:
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass
auth        required      /lib/security/pam_deny.so
auth	    required      /lib/security/pam_krb5.so use_first_pass creds

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
I'm not positive if this is relevant to this module, but when a user logs in, the username format is in DOMAIN+username. However, for kinit to work, the username must be username@DOMAIN.TLD. Would I need additional tweaking to get pam_krb5.so to work?

For those that have experience with this module, am I correct in assuming that it does in fact retrieve a ticket on login? Any help would be greatly appreciated. Thanks in advance.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
pam_krb5 won't retrieve a kerberos ticket Thakowbbery Conectiva 1 01-10-2007 05:20 AM
pam_mount + pam_winbind + pam_krb5. All in one (?) Thakowbbery Linux - Networking 2 06-15-2005 06:49 AM
I rebooted server now I cant retreive emails via outlook express lexington Linux - Newbie 5 05-01-2004 11:39 PM
pam_krb5 source code mbtoys Linux - Networking 0 08-27-2003 07:54 AM
Ticket System? mcleodnine LQ Suggestions & Feedback 7 06-22-2001 02:41 AM


All times are GMT -5. The time now is 08:46 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration