I recently did a freebsd-update to a machine running 6.3 to 7.1. I am now having difficulty getting pam_krb5 to work as it used to for sshd authentication.
After upgrading to 7.1 I noticed the openpam_dispatch() and pam_sm_authenticate() errors on my console when trying to login via ssh. I fixed these by removing the pam_nologin module from the auth list in my sshd pam config file. My current pam sshd configuation file is as follows: # auth auth required pam_krb5.so no_warn try_first_pass #auth required pam_unix.so no_warn try_first_pass nullok # account account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass If I attempt to login with the correct kerberos credentials I get the following error: pam_setcred() failed to retreive user credentials If I reenable the "auth required pam_unix.so" line and change the line before it to "auth sufficient pam_krb5.so" I can logon with either my kerberos or the local system password, but no other password as expected. Unfortunately, I cannot allow local user passwords to logon to the system. What am I doing wrong a similar setup worked with FreeBSD 6.3, but the last authenticaion module was pam_nologin. Thanks, --Troy _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
