[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Kerberos GDM login



I have set up a SuSE8.1 workstation to authenticate against an AD domain.

I can login fine with ssh. I was getting the same error with ssh but fixed
it with some sshd options.

But, when I login from the console I get kicked right back out.
Relevant log entries:
Jun  7 07:27:12 SSPRJDS20TEST login: (pam_krb5) initialize_method:
pam_sm_authenticate
Jun  7 07:27:12 SSPRJDS20TEST login: (pam_krb5) initialize_method:
allocating pam_krb5_state
Jun  7 07:27:12 SSPRJDS20TEST login: (pam_krb5) initialize_method: success
Jun  7 07:27:15 SSPRJDS20TEST login: (pam_krb5) pam_sm_authenticate: result
for user `test004': Success
Jun  7 07:27:16 SSPRJDS20TEST login: (pam_krb5) pam_sm_open_session: OK
Jun  7 07:27:16 SSPRJDS20TEST login: (pam_krb5) initialize_method:
pam_sm_setcred
Jun  7 07:27:16 SSPRJDS20TEST login: (pam_krb5) initialize_method: success
Jun  7 07:27:16 SSPRJDS20TEST login: (pam_krb5) pam_sm_setcred: result for
user `test004': Error in service module
Jun  7 07:27:16 SSPRJDS20TEST login: Error in service module
Jun  7 07:27:16 SSPRJDS20TEST login: (pam_krb5) cleanup_state

/etc/pam.d/gdm:
#%PAM-1.0
auth    sufficient      pam_krb5.so     missing_keytab_ok \
                                        putenv_direct
auth     required       pam_unix2.so   nullok #set_secrpc
account  required       pam_unix2.so
password required       pam_unix2.so   #strict=false
session  required       pam_unix2.so   debug # trace or none
session  required       pam_mkhomedir.so skel=/etc/skel umask=0022
session  required       pam_devperm.so
session  optional       pam_console.so

Pam_krb5 = pam_krb5-1.0.3-311


Any clues.

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here