-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Russ Allbery wrote: > Lars Schimmer <[EMAIL PROTECTED]> writes: > >> I changed krb5 server from MIT to Win 2003 AD (on another PC). So I >> only changed the name of the krb5 server in the krb5.conf and rebooted. >> LogIn as root and kinit user /aklog obtained me tickets/tokens. Login >> via gdm/pam doesn´t do well (it works with MIT krb5 server, not with >> Win2003AD). Syslog tells me this: > >> Jun 8 09:30:01 testpc CRON[5056]: (pam_krb5): none: pam_sm_acct_mgmt: >> entry (0x8000) >> Jun 8 09:30:01 testpc CRON[5056]: (pam_krb5): none: skipping >> non-Kerberos login >> Jun 8 09:30:01 testpc CRON[5056]: (pam_krb5): none: pam_sm_acct_mgmt: >> exit (success) >> Jun 8 09:30:01 testpc CRON[5056]: (pam_krb5): none: pam_sm_setcred: >> entry (0x2) >> Jun 8 09:30:01 testpc CRON[5056]: (pam_krb5): none: no context found, >> creating one >> Jun 8 09:30:01 testpc CRON[5056]: (pam_krb5): none: ignoring root user > > Those syslog messages are all from cron running session hooks before > jobs. We'd need to see the log messages from gdm to figure out what's > wrong with gdm.
Ok, I set debug info of gdm to enable. Some more info, but not much. I switched from MIT krb5 server to Win2003 AD server. I can login to "debian etch" linux as root, kinit schimmer/aklog and go to my AFS space, all fine with the correct token. While trying to login with gdm it prints out this errors: Jun 9 12:26:56 testpc gdm[3320]: set config key debug/Enable to boolean true Jun 9 12:26:56 testpc gdm[3320]: Handling user message: 'CLOSE' Jun 9 12:27:01 testpc gdm[3326]: (pam_krb5): none: pam_sm_authenticate: entry (0x0) Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): schimmer: credential verification failed: Key table entry not found Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): schimmer: pam_sm_authenticate: exit (failure) Jun 9 12:27:03 testpc gdm[3320]: Handling message: 'QUERYLOGIN 3326 schimmer' Jun 9 12:27:03 testpc gdm[3320]: Got QUERYLOGIN schimmer Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: pam_sm_acct_mgmt: entry (0x0) Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: skipping non-Kerberos login Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: pam_sm_acct_mgmt: exit (success) Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: pam_sm_setcred: entry (0x2) Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: no context found, creating one Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): schimmer: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: pam_sm_setcred: exit (success) Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: pam_sm_setcred: entry (0x2) Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: no context found, creating one Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): schimmer: unable to get PAM_KRB5CCNAME, assuming non-Kerberos login Jun 9 12:27:03 testpc gdm[3326]: (pam_krb5): none: pam_sm_setcred: exit (success) Jun 9 12:27:03 testpc gdm[3326]: pam_openafs-krb5: open_session: Could not find Kerberos tickets; not running aklog Jun 9 12:27:03 testpc gdm[3320]: Handling message: 'LOGGED_IN 3326 1' kdm didn´t even worked on etch with MIT krb5 server, but gdm worked til the switch to wind AD 2003. MfG, Lars Schimmer - -- - ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: [EMAIL PROTECTED] Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGaoGemWhuE0qbFyMRAtyIAJ0W3VCcjCZQGFKKjdwUz2RMRTV+9gCeIRCE HsuFbeG5rX9ECfpfyi2+CvI= =1L5N -----END PGP SIGNATURE----- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
