Graham Freeman <[EMAIL PROTECTED]> wrote in message 
news:<[EMAIL PROTECTED]>...
> On Mon, 17 Sep 2001, Tim Mooney wrote:
> 
> > This is likely happening because pam_krb5.so.1 that you compiled depends on
> > symbols in the krb5 libraries, but those libraries may not be in
> > your loader's default search path.  You can verify this by running
> >
> >     ldd /usr/lib/security/pam_krb5.so.1
> >
> > and seeing if there are any libraries that are not found.  If so, that's
> > the problem.
> >
> > You would fix it by either building the pam_krb5.so.1 with a runtime loader
> > path (an rpath or DT_RPATH) that augments where the loader searches for needed
> > shared objects or by just augmenting the runtime loader's search path in
> > general (for all dynamic objects).
> >
> > For building pam_krb5.so.1 with a special DT_RPATH, look at the man pages
> > for `ld' (especially the `-R' option and the LD_RUN_PATH env var).  You can
> > examine the DT_RPATH in a shared object via `dump -Lv'.
> >
> > For augmenting the system-wide runtime loader paths, look at the man page
> > for `crle'.
> >
> > Tim
> 
> 
> Tim,
> 
> Thank you very much for the useful information.  That was at least part of
> the problem - the directory hierarchy containing some aspects of Kerberos
> 5 support was not in the library path.  I'm still having more problems,
> but I'm following up with our Kerberos admin on those aspects.
> 
> I'll post a summary back to this forum when I've solved the next round of
> problems.

Hi Guys,

I am just posting this because I have a similar kind of problem with
a similar system and software. Ah! I am also using the same pam.conf that
Graham is using.

System: Solaris 8 (SunOS 5.8) for Intel
        Kerberos v5 installed
        openssh-2.9p2 installed

What I can do without any problem:

        rlogin
        rsh
        ssh (using local password stored at /etc/shadow)
        kinit, klist, kdestroy (after login)

What I cannot do:

        ssh (using Kerberos password stored at KDC)

This is what I see when I ssh from one of our Linux boxes to this
box using the Kerberos password:

[test@linux test]$ ssh -v solaris
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: getuid 1003 geteuid 0 anon 1
debug1: Connecting to solaris [229.248.207.40] port 22.
debug1: Connection established.
debug1: unknown identity file /home/test/.ssh/identity
debug1: identity file /home/test/.ssh/identity type -1
debug1: unknown identity file /home/test/.ssh/id_rsa
debug1: identity file /home/test/.ssh/id_rsa type -1
debug1: unknown identity file /home/test/.ssh/id_dsa
debug1: identity file /home/test/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.5.2p2
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL PROTECTED]
debug1: got kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,[EMAIL PROTECTED]
debug1: got kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug1: got kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug1: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: dh_gen_key: priv key bits set: 131/256
debug1: bits set: 1026/2049
debug1: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug1: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'solaris' is known and matches the RSA host key.
debug1: Found key in /home/test/.ssh/known_hosts2:1
debug1: bits set: 1019/2049
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/test/.ssh/identity
debug1: try privkey: /home/test/.ssh/id_rsa
debug1: try privkey: /home/test/.ssh/id_dsa
debug1: next auth method to try is password
test@solaris's password:
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384
Last login: Tue Sep 18 12:00:23 2001 from linux
Sun Microsystems Inc.   SunOS 5.8       Generic February 2000
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: output drain -> closed
debug1: channel 0: close_write
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug1: channel 0: rcvd close
debug1: channel 0: input open -> closed
debug1: channel 0: close_read
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel_free: channel 0: status: The following connections are
open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)

Connection to solaris closed.
debug1: Transferred: stdin 0, stdout 0, stderr 32 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 266.6
debug1: Exit status -1
[test@linux test]$

Any idea???  Thanks in advance.

H. Ronald Yang
Programmer
LabBook.com
E-mail: [EMAIL PROTECTED]
        [EMAIL PROTECTED]
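
The `ldd` check Tim describes, extended to any number of PAM modules, as an added example that is not part of the original messages. The sample `ldd` output is constructed and the function names are hypothetical; only `/usr/lib/security/pam_krb5.so.1` comes from the thread.

```shell
#!/bin/sh
# Added example: list the shared libraries that the runtime loader
# cannot resolve for one or more PAM modules.

# missing_libs: read ldd output on stdin and print the name of every
# dependency reported as not found (Solaris prints "(file not found)",
# Linux prints "not found"; both match).
missing_libs() {
    awk '/=>/ && /not found/ { print $1 }'
}

# check_module: run ldd on one module; return 1 if anything is unresolved.
check_module() {
    mod=$1
    missing=$(ldd "$mod" 2>/dev/null | missing_libs)
    if [ -n "$missing" ]; then
        printf '%s: unresolved dependencies:\n' "$mod"
        # Unquoted on purpose: one library name per printf iteration.
        printf '  %s\n' $missing
        return 1
    fi
    return 0
}

# Constructed sample of ldd output for a module whose Kerberos
# libraries are outside the loader's search path.
sample_ldd_output() {
    cat <<'EOF'
        libpam.so.1 =>   /usr/lib/libpam.so.1
        libkrb5.so.3 =>  (file not found)
        libcom_err.so.3 =>       (file not found)
        libc.so.1 =>     /usr/lib/libc.so.1
EOF
}

# Usage: sh check_pam_libs.sh /usr/lib/security/pam_krb5.so.1 [more modules]
if [ $# -gt 0 ]; then
    status=0
    for m in "$@"; do
        check_module "$m" || status=1
    done
    [ "$status" -eq 0 ] || exit 1
fi
```

Whichever fix is applied afterwards (a DT_RPATH set at link time or a `crle` change), the added directories should be writable only by root, because sshd and login load these modules with root privileges.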
