Re: Configuring kerberos for Solaris

Mon, 24 Mar 2003 16:48:56 -0800

Ganesh wrote: 
I'm trying to configure kerberos, to authenticate the
users through Web. I've successfully compiled
mod_auth_pam.c on Solaris 8 and am able to authenticate
the users, if I use pam_unix.so.1 in my pam.conf file.
But if I try to authenticate by using pam_krb5.so.1
it fails.

I'm using the pam_krb5.so.1 which is shipped along with solaris2.8. 

If you are using the pam_krb5 that shipped with Solaris 2.8 then you
also need to be using the SEAM package for Solaris 8 (free download
from www.sun.com).   If you go that route, I recommend making sure
you have all the latest pam_krb5 and SEAM related patches.

If you are determined to stick with the MIT Kerberos libraries and not
use the Solaris Kerberos stuff, then you should probably get a different
pam_krb5 module (http://www.fcusack.com is one such module).

-Wyllys


A snap shot of my pam.conf file :

# The commented line works fine
#
httpd   auth sufficient   /usr/lib/security/$ISA/pam_krb5.so.1
#httpd   auth required   /usr/lib/security/$ISA/pam_unix.so.1

httpd   account  sufficient     /usr/lib/security/$ISA/pam_krb5.so.1
#httpd   account required       /usr/lib/security/$ISA/pam_unix.so.1

My /etc/krb5/krb5.conf file ..

[libdefaults]
   default_realm = INDIA.HP.COM
   default_tkt_enctypes = DES-CBC-CRC
   default_tgs_enctypes = DES-CBC-CRC
   ccache_type = 2

[realms]
   INDIA.HP.COM = {
      kdc = nt40239.india.hp.com:88
      admin_server = nt40239.india.hp.com:749
      default_domain = india.hp.com
}

[domain_realm]
 .india.hp.com = INDIA.HP.COM
 india.hp.com = INDIA.HP.COM

[logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log

I've also updated the /etc/services file to look into my
KDC server.

My kDC server(Linux server) is up and running as I'm able to authenticate the users, with the same KDC if the client is HP-Ux m/c.

Is that I've to make any changes in my krb5.conf file or
have to rebuild the pam_krb5.so file ? Please give your
inputs!

TIA,
Ganesh.
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos



________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to