I recently did a freebsd-update to a machine running 6.3 to 7.1. I am now
having difficulty getting pam_krb5 to work as it used to for sshd
After upgrading to 7.1 I noticed the openpam_dispatch() and
pam_sm_authenticate() errors on my console when trying to login via ssh. I
fixed these by removing the pam_nologin module from the auth list in my sshd
pam config file.
My current pam sshd configuation file is as follows:
auth required pam_krb5.so no_warn
#auth required pam_unix.so no_warn
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
#session optional pam_ssh.so
session required pam_permit.so
#password sufficient pam_krb5.so no_warn
password required pam_unix.so no_warn
If I attempt to login with the correct kerberos credentials I get the
pam_setcred() failed to retreive user credentials
If I reenable the "auth required pam_unix.so" line and change the line
before it to "auth sufficient pam_krb5.so" I can logon with either my
kerberos or the local system password, but no other password as expected.
Unfortunately, I cannot allow local user passwords to logon to the system.
What am I doing wrong a similar setup worked with FreeBSD 6.3, but the last
authenticaion module was pam_nologin.
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"