Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 108435 - krb5 logins fail
Summary: krb5 logins fail
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks: CambridgeBlocker
TreeView+ depends on / blocked
 
Reported: 2003-10-29 15:26 UTC by Michael K. Johnson
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-10-29 15:29:29 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Michael K. Johnson 2003-10-29 15:26:58 UTC 
I just updated yesterday (tue oct 28) to latest rawhide, and now only
local users can log in; users authenticated by kerberos cannot log in.

The login attempt looks like this:

$ ssh donal
johnsonm@[censored]'s password: 
Connection to [censored] closed by remote host.
Connection to [censored] closed.
$

/var/log/secure says:

sshd[10614]: Accepted password for [censored] from [censored] port [censored] ssh2
sshd[10616]: pam_krb5[10616]: default/local realm 'REDHAT.COM'
sshd[10616]: pam_krb5[10616]: configured realm 'REDHAT.COM'
sshd[10616]: pam_krb5[10616]: flags:
sshd[10616]: pam_krb5[10616]: flag: user_check
sshd[10616]: pam_krb5[10616]: flag: no krb4_convert
sshd[10616]: pam_krb5[10616]: flag: warn
sshd[10616]: pam_krb5[10616]: renewable lifetime: 0 
sshd[10616]: pam_krb5[10616]: banner: Kerberos 5
sshd[10616]: pam_krb5[10616]: ccache dir: /tmp
sshd[10616]: pam_krb5[10616]: keytab: /etc/krb5.keytab
sshd[10616]: pam_krb5[10616]: called to update credentials for '[censored]'
sshd[10616]: pam_krb5[10616]: _pam_krb5_sly_refresh returning 0 (Success)
sshd[10616]: fatal: PAM setcred failed[3]: Error in service module

/etc/pam.d/system-auth says:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore
system_err=ignore] /lib/security/$ISA/pam_krb5.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow nis
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so

# rpm -qa | grep krb5
krb5-devel-1.3.1-6
krb5-workstation-1.3.1-6
pam_krb5-2.0.4-1
krb5-libs-1.3.1-6
Comment 2 Michael K. Johnson 2003-10-29 15:29:29 UTC 
/dev/md1               4134832   4133572         0 100% /

Oops.
Note You need to log in before you can comment on or make changes to this bug.