[suse-security] Kerberos GDM login

From: Ness, Todd (todd.nesseds.com)
Date: Mon Jun 07 2004 - 09:35:13 CDT


I have set up a SuSE 8.1 workstation to authenticate against an AD domain.

I can log in fine with ssh. I was getting the same error with ssh but fixed
it with some sshd options.

But, when I log in from the console I get kicked right back out.
Relevant log entries:
Jun 7 07:27:12 SSPRJDS20TEST login: (pam_krb5) initialize_method: pam_sm_authenticate
Jun 7 07:27:12 SSPRJDS20TEST login: (pam_krb5) initialize_method: allocating pam_krb5_state
Jun 7 07:27:12 SSPRJDS20TEST login: (pam_krb5) initialize_method: success
Jun 7 07:27:15 SSPRJDS20TEST login: (pam_krb5) pam_sm_authenticate: result for user `test004': Success
Jun 7 07:27:16 SSPRJDS20TEST login: (pam_krb5) pam_sm_open_session: OK
Jun 7 07:27:16 SSPRJDS20TEST login: (pam_krb5) initialize_method: pam_sm_setcred
Jun 7 07:27:16 SSPRJDS20TEST login: (pam_krb5) initialize_method: success
Jun 7 07:27:16 SSPRJDS20TEST login: (pam_krb5) pam_sm_setcred: result for user `test004': Error in service module
Jun 7 07:27:16 SSPRJDS20TEST login: Error in service module
Jun 7 07:27:16 SSPRJDS20TEST login: (pam_krb5) cleanup_state

/etc/pam.d/gdm:
#%PAM-1.0
auth sufficient pam_krb5.so missing_keytab_ok \
                                        putenv_direct
auth required pam_unix2.so nullok #set_secrpc
account required pam_unix2.so
password required pam_unix2.so #strict=false
session required pam_unix2.so debug # trace or none
session required pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_devperm.so
session optional pam_console.so

Pam_krb5 = pam_krb5-1.0.3-311

Any clues?

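A triage sketch for the symptom in the log above (pam_sm_authenticate succeeds, then pam_sm_setcred fails for the same user), added here as an example and not part of the original post. The function names are hypothetical, and the sample text is constructed from the post's log lines with the mail line-wraps rejoined.

```python
import re

# Constructed sample: the post's pam_krb5 result lines, mail line-wraps rejoined.
SAMPLE = """\
Jun 7 07:27:15 SSPRJDS20TEST login: (pam_krb5) pam_sm_authenticate: result for user `test004': Success
Jun 7 07:27:16 SSPRJDS20TEST login: (pam_krb5) pam_sm_open_session: OK
Jun 7 07:27:16 SSPRJDS20TEST login: (pam_krb5) pam_sm_setcred: result for user `test004': Error in service module
Jun 7 07:27:16 SSPRJDS20TEST login: Error in service module
"""

# syslog prefix (timestamp, host, program tag) followed by a pam_krb5 "result" line
LINE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s"
    r"\(pam_krb5\)\s(?P<func>pam_sm_\w+):\sresult for user `(?P<user>[^']+)':\s"
    r"(?P<result>.+)$"
)

def parse(text):
    """Yield (host, prog, user, func, result) for each pam_krb5 result line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield (m["host"], m["prog"], m["user"], m["func"],
                   m["result"].strip())

def auth_ok_setcred_failed(text):
    """Return (host, prog, user, error) tuples where authentication
    succeeded but a later pam_sm_setcred for the same user did not."""
    authed = set()      # (host, prog, user) keys with a successful authenticate
    findings = []
    for host, prog, user, func, result in parse(text):
        key = (host, prog, user)
        if func == "pam_sm_authenticate":
            if result == "Success":
                authed.add(key)
            else:
                authed.discard(key)
        elif func == "pam_sm_setcred" and result != "Success" and key in authed:
            findings.append((host, prog, user, result))
            authed.discard(key)
    return findings

if __name__ == "__main__":
    for host, prog, user, error in auth_ok_setcred_failed(SAMPLE):
        print(f"{host}: {user} authenticated via '{prog}' but setcred failed: {error}")
```

The `prog` field is the syslog tag of the program that invoked PAM (here `login`), which is worth comparing with the /etc/pam.d file being edited.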