On 14 Nov 2010, at 00:15, Patrick O'Sullivan wrote: > Hello all, > > I successfully have gotten authentication to an AD Kerberos server > working along with uid/gid resolution from AD LDAP. However, I am > getting a strange PAM error and the only reference I can find for it > is in the OpenSolaris PAM source code. > > r...@oitest1:~# uname -a > SunOS oitest1 5.11 oi_147 i86pc i386 i86pc Solaris > > Now, logging in from another machine: > > $ ssh user...@oitest1 > Password: > Your Kerberos account/password will expire in 9801 days. > > > Last login: Sat Nov 13 13:42:30 2010 from 10.128.6.55 > OpenIndiana SunOS 5.11 oi_147 September 2010 > -bash-4.0$ id > uid=20002(userfoo) gid=30000(staff) > -bash-4.0$ getent passwd userfoo > userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash > > Now, the weird part. At the time of logging in, I get the following log entry: > > Nov 13 13:45:25 oitest1 sshd[3925]: [ID 414352 auth.error] > /etc/pam.conf no initial module present > Nov 13 13:47:09 oitest1 last message repeated 3 times > Nov 13 13:47:11 oitest1 sshd[3945]: [ID 414352 auth.error] > /etc/pam.conf no initial module present > > Here's my /etc/pam.conf: > > r...@oitest1:~# egrep -v "^\#" /etc/pam.conf > login auth requisite pam_authtok_get.so.1 > login auth required pam_dhkeys.so.1 > login auth required pam_unix_cred.so.1 > login auth sufficient pam_krb5.so.1 > login auth required pam_unix_auth.so.1 > login auth required pam_dial_auth.so.1 > other auth requisite pam_authtok_get.so.1 > other auth required pam_dhkeys.so.1 > other auth required pam_unix_cred.so.1 > other auth sufficient pam_krb5.so.1 > other auth required pam_unix_auth.so.1 > other account requisite pam_roles.so.1 > other account required pam_unix_account.so.1 > other account required pam_krb5.so.1 > other password required pam_dhkeys.so.1 > other password requisite pam_authtok_get.so.1 > other password requisite pam_authtok_check.so.1 > other password sufficient pam_krb5.so.1 > other password required pam_authtok_store.so.1 > > P.S. I also get this when logging in directly from console, except the > error is associated with login instead of sshd. > > Anyone have any thoughts? Thanks in advance.
No real ideas - pam's a bit of a mystery to me - but could you get dtrace to help? Get a stack trace on the failing call to run_stack (which is what outputs that error) and maybe that gives an idea of which part of pam.conf is wrong. Cheers, Chris
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
