LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 03-07-2006, 11:58 AM   #1
edgood1
Member
 
Registered: Jan 2005
Distribution: fedora, redhat, gentoo, suse
Posts: 30

Rep: Reputation: 15
Preauthentication fails with pam_krb5.so on debian


I can get this to work on a Fedora Core 3 box in less than a minute. I've been trying to do the same thing on debian for a week with no luck.

I want to use a kerberos password to login to linux. The KDC is Windows Server 2K3. the linux boxes are all using LDAP throuh active directory.

When i try to log in on a debian machine I get this error:

Mar 7 11:39:18 machine sshd[14948]: Illegal user test from ::ffff:127.0.0.1
Mar 7 11:39:20 machine sshd[14948]: (pam_unix) check pass; user unknown
Mar 7 11:39:20 machine sshd[14948]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain
Mar 7 11:39:20 machine sshd[14948]: pam_krb5: pam_sm_authenticate(ssh test): entry:
Mar 7 11:39:20 machine sshd[14948]: pam_krb5: pam_sm_authenticate(ssh test): krb5_get_init_creds_password(): Preauthentication failed
Mar 7 11:39:20 machine sshd[14948]: pam_krb5: pam_sm_authenticate(ssh test): exit: failure
Mar 7 11:39:22 machine sshd[14948]: error: PAM: Permission denied for illegal user test from localhost.localdomain
Mar 7 11:39:23 machine sshd[14948]: Failed keyboard-interactive/pam for illegal user test from ::ffff:127.0.0.1 port 33531 ssh2


Preauthentication Failed.... what does debian need to preauthenticate that Fedora doesn't?
The clocks are all in sync with ntp. I can kinit with the user fine.
I can ldap with the user and bind with the ldap bind account.

getent passwd and getent shadow work as they should.

#/etc/pam.d/common-auth
auth sufficient pam_unix.so nullok_secure
auth sufficient pam_krb5.so try_first_pass debug

#/etc/pam.d/common-account
account sufficient pam_krb5.so
account sufficient pam_unix.so

#/etc/pam.d/common-session
session sufficient pam_krb5.so
session sufficient pam_unix.so


What am i doing wrong????
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
pam_krb5 won't retrieve a kerberos ticket Thakowbbery Conectiva 1 01-10-2007 06:20 AM
Debian-Sarge never fails to surprise me........ Monkey 9 Debian 7 12-08-2005 07:40 AM
pam_krb5.so fails to retreive ticket nilecirb Linux - Networking 0 07-30-2005 12:06 AM
pam_mount + pam_winbind + pam_krb5. All in one (?) Thakowbbery Linux - Networking 2 06-15-2005 07:49 AM
pam_krb5 source code mbtoys Linux - Networking 0 08-27-2003 08:54 AM


All times are GMT -5. The time now is 05:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration