Is there ANY libgss anywhere on the system? On Fri, 2002-04-26 at 14:26, Matthew E Glogowski wrote: > hi, > > yes i used the built-in sun kerberos package from sun. the permissions > were correct othe file, the problem is with the programs such as kinit > trying to reference a libgss.so.1 (SUNW_1.2) version which is not on the > system. > > thanks, > > -matt > > On Fri, 26 Apr 2002, Wyllys Ingersoll wrote: > > > > > Check the permissions & ownership o /usr/lib/security/pam_krb5.so.1 > > 755 root/bin is the correct PERM UID/GID combination. > > > > Also, are you running the pam_krb5 that is distributed with the > > Solaris (SEAM) kerberos packages or a third party pam_krb5 module? > > > > -Wyllys > > > > > > > > M Glogowski wrote: > > > i downloaded the sun patch cluster for solaris 8 and after > > > installatiopn/reboot i could not login to the system. > > > > > > the following patch from the April 19th patch cluster breaks > kerberos5 pam > > > on solaris 8: > > > > > > 112237-03 SunOS 5.8: mech_krb5.so.1 patch > > > > > > with this error: > > > > > > Apr 24 17:04:02 XXXXXXXXXXXXXX [ID 487707 auth.error] load_modules: > cannot > > > open module /usr/lib/security/pam_krb5.so.1 > > > > > > via your login screen (dtlogin) you may see an error message: > "Cannot load > > > PAM modules. Contact your System Administrator" > > > > > > > > > > > > my pam.conf kerberos: > > > > > > > > > # > > > # Support for Kerberos V5 authentication (uncomment to use Kerberos) > > > # > > > rlogin auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 > > > try_first_pass debug > > > login auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 > > > try_first_pass debug > > > dtlogin auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 > > > try_first_pass debug > > > other auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 > > > try_first_pass debug > > > dtlogin account sufficient /usr/lib/security/$ISA/pam_krb5.so.1 > debug > > > other account sufficient /usr/lib/security/$ISA/pam_krb5.so.1 > debug > > > other session sufficient /usr/lib/security/$ISA/pam_krb5.so.1 > debug > > > other password sufficient /usr/lib/security/$ISA/pam_krb5.so.1 > > > try_first_pass debug > > > > > > > > > > > > performing some checks you will see that it cannot find another > module: > > > > > > root@XXXXXX [root]% ldd /usr/bin/kinit > > > > > > mech_krb5.so.1 => /usr/lib/gss/gl/mech_krb5.so.1 > > > > > > libnsl.so.1 => /usr/lib/libnsl.so.1 > > > > > > libmp.so.2 => /usr/lib/libmp.so.2 > > > > > > libc.so.1 => /usr/lib/libc.so.1 > > > > > > libdl.so.1 => /usr/lib/libdl.so.1 > > > > > > libresolv.so.2 => /usr/lib/libresolv.so.2 > > > > > > libintl.so.1 => /usr/lib/libintl.so.1 > > > > > > libgss.so.1 => /usr/lib/libgss.so.1 > > > > > > libgss.so.1 (SUNW_1.2) => (version not found) > > > > > > libsocket.so.1 => /usr/lib/libsocket.so.1 > > > > > > libxfn.so.2 => /usr/lib/libxfn.so.2 > > > > > > /usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1 > > > > > > root@XXXXX [root]% ldd /usr/lib/security/pam_krb5.so > > > > > > libc.so.1 => /usr/lib/libc.so.1 > > > > > > libpam.so.1 => /usr/lib/libpam.so.1 > > > > > > libnsl.so.1 => /usr/lib/libnsl.so.1 > > > > > > libsocket.so.1 => /usr/lib/libsocket.so.1 > > > > > > mech_krb5.so.1 => /usr/lib/gss/gl/mech_krb5.so.1 > > > > > > libkadm5clnt.so.1 => /usr/lib/krb5/libkadm5clnt.so.1 > > > > > > libmp.so.2 => /usr/lib/libmp.so.2 > > > > > > libdl.so.1 => /usr/lib/libdl.so.1 > > > > > > libintl.so.1 => /usr/lib/libintl.so.1 > > > > > > libxfn.so.2 => /usr/lib/libxfn.so.2 > > > > > > libresolv.so.2 => /usr/lib/libresolv.so.2 > > > > > > libgss.so.1 => /usr/lib/libgss.so.1 > > > > > > libgss.so.1 (SUNW_1.2) => (version not found) > > > > > > /usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1 > > > > > > > > > > > > i don't know where to post a bug request for sun's sunsolve > > > patches....anyone know? once the patch was removed the system works > fine. > > > i dont have an idea what the (SUNW_1.2) under libgss.so.1 is? > > > > > > > > > > > > thanks, > > > > > > -matt > > > > > > please remove the _NOSPAM from my email address if you wish to > respond to me > > > directly. > > > > > > > > > > > > > > > > > > > > > > > > ________________________________________________ > > > Kerberos mailing list [EMAIL PROTECTED] > > > http://mailman.mit.edu/mailman/listinfo/kerberos > > > > > > > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-698-7250 email: [EMAIL PROTECTED]
"It is the part of a good shepherd to shear his flock, not to skin it." Latin Proverb
signature.asc
Description: This is a digitally signed message part
