>Number: 162715 >Category: misc >Synopsis: pam_krb5 not storing tickets in /tmp >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Nov 21 07:30:11 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Chris Telting >Release: 8.2 >Organization: >Environment: FreeBSD cerberus.local 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Wed Oct 5 10:24:38 PDT 2011 [email protected]:/var/obj/src/fbsd/src/8.2/sys/BlueKernel i386
>Description: pam_krb5 authenticates when I have it enabled in pam.d but it fails before storing a ticket in /tmp. I have tracked it down so far to pam_set_data/pam_get_data. Everything appears to be good and working in pam_sm_authenticate, I can pam_get_data after it's set perfectly fine. But in pam_sm_setcred in pam_krb5, which gets called after pam_sm_authenticate completes, pam_get_data fails to retrieve it's ccache data and fails. Now I'm stumped where to look. >How-To-Repeat: setup kerberos so you can kinit and kdestroy from a machine. Then on that machine enable kerberos through: auth sufficient pam_krb5.so debug no_warn try_first_pass Do this to login or ssh in the auth section. Use a different password for kerberos so you know what is authenticating. Use PAM_DEBUG versions of libpam.so.5 and pam_krb5.so.5 to see messages in /var/log/debug.log >Fix: >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
