[SSSD-users] Re: SSSD user mailing list: Unable to login to my kerberos realm

[Louis Garcia]

On Fri, Aug 18, 2017 at 12:24 PM, Louis Garcia <louisg...@gmail.com> wrote:

> On Fri, Aug 18, 2017 at 11:58 AM, Louis Garcia <louisg...@gmail.com>
> wrote:
>
>> On Fri, Aug 18, 2017 at 4:08 AM, Jakub Hrozek <jhro...@redhat.com> wrote:
>>
>>> On Fri, Aug 18, 2017 at 08:42:34AM +0200, Lukas Slebodnik wrote:
>>> > On (17/08/17 12:38), Louis Garcia wrote:
>>> > >Sorry to mail you directly but I think the sssd user mailing list is
>>> not
>>> > >accepting my emails. I replied twice to this thread yesterday and both
>>> > >bounced.
>>> > >
>>> >
>>>
>>> > I have no idea why you have problems to send a mails there.
>>>
>>> Sorry, this is partially my fault. I should be watching the moderation
>>> queue, but lately we've been getting so much spam (sometimes one spam
>>> attempt per hour) that I overlooked your e-mail.
>>>
>>> You can subscribe to the list and then your messages will go right to
>>> the list w/o the moderation queue!
>>>
>>
>> sssd-users-requ...@lists.fedorahosted.org
>> Aug 15 (3 days ago)
>>
>>
>> to me
>> Welcome to the "sssd-users" mailing list!
>>
>
> I subscribed here: https://lists.fedorahosted.org/admin/lists/sssd-users.
> lists.fedorahosted.org/ and I receive all emails from the list but I
> don't have a user account.
> How do I properly subscribe?
>
>
I test by login out of gnome and login back in. After I open a terminal and
run klist

klist: Credentials cache keyring 'persistent:1000:1000' not found

Then I need to kinit and if I klist again

Ticket cache: KEYRING:persistent:1000:1000
Default principal: louisgtwo@MONTCLAIRE.LOCAL

Valid starting       Expires              Service principal
08/18/2017 12:33:50  08/19/2017 12:33:33
krbtgt/MONTCLAIRE.LOCAL@MONTCLAIRE.LOCAL


after that I can ssh and mount nfs4 krb5p. I want to receive my ticket when
I login.

I am not sure how to search journald. I used 'journalctl -u pam' with no
effect

#cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        required      pam_faildelay.so delay=2000000
auth        sufficient    pam_fprintd.so
auth        [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >=
1000 quiet
auth        [default=1 ignore=ignore success=ok] pam_localuser.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_sss.so forward_pass
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_pwquality.so try_first_pass local_users_only
retry=3 authtok_type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so

# cat /etc/pam.d/password-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        required      pam_faildelay.so delay=2000000
auth        [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >=
1000 quiet
auth        [default=1 ignore=ignore success=ok] pam_localuser.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_sss.so forward_pass
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_pwquality.so try_first_pass local_users_only
retry=3 authtok_type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org