Date: Mon, 21 Nov 2011 07:28:38 GMT
From: Chris Telting <christoper@telting.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/162715: pam_krb5 not storing tickets in /tmp
Message-ID: <201111210728.pAL7Scs3007880@red.freebsd.org>
Resent-Message-ID: <201111210730.pAL7UCXk038984@freefall.freebsd.org>

>Number:         162715
>Category:       misc
>Synopsis:       pam_krb5 not storing tickets in /tmp
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 21 07:30:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Chris Telting
>Release:        8.2
>Organization:
>Environment:
FreeBSD cerberus.local 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Wed Oct 5 10:24:38 PDT 2011 Ghost@ares.local:/var/obj/src/fbsd/src/8.2/sys/BlueKernel i386
>Description:
pam_krb5 authenticates when I have it enabled in pam.d, but it fails before storing a ticket in /tmp.

I have tracked it down so far to pam_set_data/pam_get_data. Everything appears to be good and working in pam_sm_authenticate; I can pam_get_data after it's set perfectly fine. But in pam_sm_setcred in pam_krb5, which gets called after pam_sm_authenticate completes, pam_get_data fails to retrieve its ccache data and fails.

Now I'm stumped where to look.
>How-To-Repeat:
Set up Kerberos so you can kinit and kdestroy from a machine. Then on that machine enable Kerberos through:

    auth sufficient pam_krb5.so debug no_warn try_first_pass

Do this to login or ssh in the auth section. Use a different password for Kerberos so you know what is authenticating. Use PAM_DEBUG versions of libpam.so.5 and pam_krb5.so.5 to see messages in /var/log/debug.log
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: