hi
you are missing a .k5login profile on your linux box, in the home directory
for the user you want to log in as.
you may try creating a .k5login file with an entry of your principal name
([EMAIL PROTECTED]) with which you got your initial TGT.
try this. it should work
suresh
-Original
to the Linux box from client workstations.
Andy.
-Original Message-
From: Ken Grady [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 1:32 PM
To: Rechenberg, Andrew
Subject: Re: Tickets accepted upon login but still prompted for password
and you have the /lib/security/pam_krb5.so
Quoth [EMAIL PROTECTED] (Rechenberg, Andrew):
| [arechenberg@rh71test ~]$ telnet -a rh71test.shermfin.com
| Trying 10.1.1.55...
| Connected to rh71test.shermfin.com (10.1.1.55).
| Escape character is '^]'.
| [ Kerberos V5 accepts you as ``[EMAIL PROTECTED]'' ]
| telnetd: Authorization failed.
rm
No .k5login :(
-Original Message-
From: Donn Cave [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 3:14 PM
To: [EMAIL PROTECTED]
Subject: RE: Tickets accepted upon login but still prompted for password
Quoth [EMAIL PROTECTED] (Rechenberg, Andrew):
| [arechenberg@rh71test
On Fri, 15 Mar 2002, Rechenberg, Andrew wrote:
OK, I put a .k5login file in $HOME and it works, but I don't
want to have to do this for 500+ users. :( Any other suggestions?
- You'll need to patch the src code. Look in
: Donn Cave [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 4:59 PM
To: [EMAIL PROTECTED]
Subject: RE: Tickets accepted upon login but still prompted for password
Quoth [EMAIL PROTECTED] (Booker C. Bense):
| On Fri, 15 Mar 2002, Rechenberg, Andrew wrote:
|
| OK, I put a .k5login file
On 15 Mar 2002, Donn Cave wrote:
Quoth [EMAIL PROTECTED] (Booker C. Bense):
| On Fri, 15 Mar 2002, Rechenberg, Andrew wrote:
|
| OK, I put a .k5login file in $HOME and it works, but I don't
| want to have to do this for 500+ users. :( Any other suggestions?
|
|
| - You'll need to
Clearly, then, the machine is confused about what it's local realm
might be. Does your krb5.conf have a [libdefaults] default_realm entry?
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
Quoth [EMAIL PROTECTED] (Rechenberg, Andrew):
| Looking at the code, it looks like if I don't have a .k5login
| I should be allowed access, but the authorization is failing.
| Is this a correct assumption?
Not completely correct, or you wouldn't have a problem, but yes,
that's how it works for