Authenticate Solaris 10 against Windows Active Directory

From: Masopust, Christian (christian.masopust@siemens.com)
Date: Fri Jul 27 2007 - 00:22:21 EDT


Hi all,

I am trying to have my Solaris 10 machine authenticate passwords against
Windows Active Directory.
I correctly (at least I think so, as the same is working on Solaris 8 and
Linux) set up krb5.conf and pam.conf,
but it is not working.

In /var/adm/messages I always get:

Jul 26 22:01:29 sitom5 sshd[12472]: [ID 537602 auth.error] PAM-KRB5 (auth):
krb5_verify_init_creds failed: No such file or directory

When debugging PAM I get the following:

Jul 26 22:03:30 sitom5 sshd[12506]: [ID 184497 auth.debug] PAM[12506]:
pam_start(sshd-kbdint,atw10s35,73188:8ad70) - debug = 1
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:service)
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:user)
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:conv)
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:rhost)
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:tty)
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 406376 auth.debug] PAM[12506]:
pam_authenticate(8ad70, 0)
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70,
pam_sm_authenticate)=/usr/lib/security/pam_authtok_get.so.1
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70, pam_sm_authenticate)=/usr/lib/security/pam_dhkeys.so.1
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70, pam_sm_authenticate)=/usr/lib/security/pam_krb5.so.1
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70, pam_sm_authenticate)=/usr/lib/security/pam_unix_cred.so.1
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70, pam_sm_authenticate)=/usr/lib/security/pam_unix_auth.so.1
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:30 sitom5 sshd[12506]: [ID 701501 auth.debug] PAM[12506]:
pam_get_user(8ad70, ff268000, NULL)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:authtok)
Jul 26 22:03:35 sitom5 last message repeated 1 time
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 655841 auth.debug] PAM-KRB5 (auth):
pam_sm_authenticate flags=0
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 549540 auth.debug] PAM-KRB5 (auth):
attempt_krb5_auth: start: user='atw10s35'
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 704353 auth.debug] PAM-KRB5 (auth):
Forwardable tickets requested
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 912857 auth.debug] PAM-KRB5 (auth):
Renewable tickets requested
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 179272 auth.debug] PAM-KRB5 (auth):
attempt_krb5_auth: krb5_get_init_creds_password returns: SUCCESS
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 537602 auth.error] PAM-KRB5 (auth):
krb5_verify_init_creds failed: No such file or directory
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 399723 auth.debug] PAM-KRB5 (auth):
clearing initcreds in pam_authenticate()
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 833335 auth.debug] PAM-KRB5 (auth):
attempt_krb5_auth returning 4
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 914654 auth.debug] PAM-KRB5 (auth):
pam_sm_auth finalize ccname env, result =4, env
='KRB5CCNAME=FILE:/tmp/krb5cc_31806', age = 0, status = 4
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 525286 auth.debug] PAM-KRB5 (auth):
end: System error
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 139154 auth.debug] PAM[12506]:
pam_authenticate(8ad70, 0): error System error
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 139154 auth.debug] PAM[12506]:
pam_authenticate(8ad70, 0): error Authentication failed
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:authtok)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 800047 auth.info] Keyboard-interactive
(PAM) userauth failed[4] while authenticating: System error
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:conv)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 461544 auth.debug] PAM[12506]:
pam_end(8ad70): status = System error
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 490997 auth.debug] PAM-KRB5 (auth):
krb5_cleanup auth_status = 4
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 184497 auth.debug] PAM[12506]:
pam_start(sshd-kbdint,atw10s35,73188:8ad70) - debug = 1
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:service)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:user)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:conv)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:rhost)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:tty)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 406376 auth.debug] PAM[12506]:
pam_authenticate(8ad70, 0)
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70,
pam_sm_authenticate)=/usr/lib/security/pam_authtok_get.so.1
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70, pam_sm_authenticate)=/usr/lib/security/pam_dhkeys.so.1
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70, pam_sm_authenticate)=/usr/lib/security/pam_krb5.so.1
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70, pam_sm_authenticate)=/usr/lib/security/pam_unix_cred.so.1
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 438626 auth.debug] PAM[12506]:
load_modules(8ad70, pam_sm_authenticate)=/usr/lib/security/pam_unix_auth.so.1
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 753620 auth.debug] PAM[12506]:
load_function: successful load of pam_sm_authenticate
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 701501 auth.debug] PAM[12506]:
pam_get_user(8ad70, ff268000, NULL)
Jul 26 22:03:36 sitom5 sshd[12506]: [ID 800047 auth.info] Connection closed by
158.226.148.130
Jul 26 22:03:36 sitom5 sshd[12506]: [ID 256940 auth.debug] PAM[12506]:
pam_set_item(8ad70:conv)
Jul 26 22:03:36 sitom5 sshd[12506]: [ID 461544 auth.debug] PAM[12506]:
pam_end(8ad70): status = General PAM failure
Jul 27 02:00:00 sitom5 cron[12608]: [ID 762063 auth.debug] PAM[12608]:
pam_start(cron,root,2cfc8:33a20) - debug = 1
Jul 27 02:00:00 sitom5 cron[12608]: [ID 781484 auth.debug] PAM[12608]:
pam_set_item(33a20:service)
Jul 27 02:00:00 sitom5 cron[12608]: [ID 781484 auth.debug] PAM[12608]:
pam_set_item(33a20:user)
Jul 27 02:00:00 sitom5 cron[12608]: [ID 781484 auth.debug] PAM[12608]:
pam_set_item(33a20:conv)
Jul 27 02:00:00 sitom5 cron[12608]: [ID 703567 auth.debug] PAM[12608]:
pam_acct_mgmt(33a20, 0)
Jul 27 02:00:00 sitom5 cron[12608]: [ID 716203 auth.debug] PAM[12608]:
load_modules(33a20, pam_sm_acct_mgmt)=/usr/lib/security/pam_unix_account.so.1
Jul 27 02:00:00 sitom5 cron[12608]: [ID 442418 auth.debug] PAM[12608]:
load_function: successful load of pam_sm_acct_mgmt
Jul 27 02:00:00 sitom5 cron[12608]: [ID 703567 auth.debug] PAM[12608]:
pam_setcred(33a20, 1)
Jul 27 02:00:00 sitom5 cron[12608]: [ID 716203 auth.debug] PAM[12608]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_authtok_get.so.1
Jul 27 02:00:00 sitom5 cron[12608]: [ID 442418 auth.debug] PAM[12608]:
load_function: successful load of pam_sm_setcred
Jul 27 02:00:00 sitom5 cron[12608]: [ID 716203 auth.debug] PAM[12608]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_dhkeys.so.1
Jul 27 02:00:00 sitom5 cron[12608]: [ID 442418 auth.debug] PAM[12608]:
load_function: successful load of pam_sm_setcred
Jul 27 02:00:00 sitom5 cron[12608]: [ID 716203 auth.debug] PAM[12608]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_krb5.so.1
Jul 27 02:00:00 sitom5 cron[12608]: [ID 442418 auth.debug] PAM[12608]:
load_function: successful load of pam_sm_setcred
Jul 27 02:00:00 sitom5 cron[12608]: [ID 716203 auth.debug] PAM[12608]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_unix_cred.so.1
Jul 27 02:00:00 sitom5 cron[12608]: [ID 442418 auth.debug] PAM[12608]:
load_function: successful load of pam_sm_setcred
Jul 27 02:00:00 sitom5 cron[12608]: [ID 716203 auth.debug] PAM[12608]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_unix_auth.so.1
Jul 27 02:00:00 sitom5 cron[12608]: [ID 442418 auth.debug] PAM[12608]:
load_function: successful load of pam_sm_setcred
Jul 27 02:00:00 sitom5 cron[12608]: [ID 629253 user.debug] PAM-KRB5 (setcred):
start: nowarn = 0, flags = 0x1
Jul 27 02:00:00 sitom5 cron[12608]: [ID 533443 user.debug] PAM-KRB5 (setcred):
kmd get failed, kmd=0x0
Jul 27 02:00:00 sitom5 cron[12608]: [ID 735350 user.debug] PAM-KRB5 (setcred):
end: Can not retrieve user credentials
Jul 27 02:00:00 sitom5 cron[12608]: [ID 155546 auth.debug] PAM[12608]:
pam_setcred(33a20, 1): error Can not retrieve user credentials
Jul 27 02:00:00 sitom5 cron[12608]: [ID 781484 auth.debug] PAM[12608]:
pam_set_item(33a20:authtok)
Jul 27 02:00:00 sitom5 cron[12608]: [ID 104601 auth.debug] PAM[12608]:
pam_end(33a20): status = Can not retrieve user credentials
Jul 27 03:10:00 sitom5 cron[12637]: [ID 408805 auth.debug] PAM[12637]:
pam_start(cron,root,2cfc8:33a20) - debug = 1
Jul 27 03:10:00 sitom5 cron[12637]: [ID 543916 auth.debug] PAM[12637]:
pam_set_item(33a20:service)
Jul 27 03:10:00 sitom5 cron[12637]: [ID 543916 auth.debug] PAM[12637]:
pam_set_item(33a20:user)
Jul 27 03:10:00 sitom5 cron[12637]: [ID 543916 auth.debug] PAM[12637]:
pam_set_item(33a20:conv)
Jul 27 03:10:00 sitom5 cron[12637]: [ID 563396 auth.debug] PAM[12637]:
pam_acct_mgmt(33a20, 0)
Jul 27 03:10:00 sitom5 cron[12637]: [ID 517136 auth.debug] PAM[12637]:
load_modules(33a20, pam_sm_acct_mgmt)=/usr/lib/security/pam_unix_account.so.1
Jul 27 03:10:00 sitom5 cron[12637]: [ID 792875 auth.debug] PAM[12637]:
load_function: successful load of pam_sm_acct_mgmt
Jul 27 03:10:00 sitom5 cron[12637]: [ID 563396 auth.debug] PAM[12637]:
pam_setcred(33a20, 1)
Jul 27 03:10:00 sitom5 cron[12637]: [ID 517136 auth.debug] PAM[12637]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_authtok_get.so.1
Jul 27 03:10:00 sitom5 cron[12637]: [ID 792875 auth.debug] PAM[12637]:
load_function: successful load of pam_sm_setcred
Jul 27 03:10:00 sitom5 cron[12637]: [ID 517136 auth.debug] PAM[12637]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_dhkeys.so.1
Jul 27 03:10:00 sitom5 cron[12637]: [ID 792875 auth.debug] PAM[12637]:
load_function: successful load of pam_sm_setcred
Jul 27 03:10:00 sitom5 cron[12637]: [ID 517136 auth.debug] PAM[12637]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_krb5.so.1
Jul 27 03:10:00 sitom5 cron[12637]: [ID 792875 auth.debug] PAM[12637]:
load_function: successful load of pam_sm_setcred
Jul 27 03:10:00 sitom5 cron[12637]: [ID 517136 auth.debug] PAM[12637]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_unix_cred.so.1
Jul 27 03:10:00 sitom5 cron[12637]: [ID 792875 auth.debug] PAM[12637]:
load_function: successful load of pam_sm_setcred
Jul 27 03:10:00 sitom5 cron[12637]: [ID 517136 auth.debug] PAM[12637]:
load_modules(33a20, pam_sm_setcred)=/usr/lib/security/pam_unix_auth.so.1
Jul 27 03:10:00 sitom5 cron[12637]: [ID 792875 auth.debug] PAM[12637]:
load_function: successful load of pam_sm_setcred
Jul 27 03:10:00 sitom5 cron[12637]: [ID 629253 user.debug] PAM-KRB5 (setcred):
start: nowarn = 0, flags = 0x1
Jul 27 03:10:00 sitom5 cron[12637]: [ID 533443 user.debug] PAM-KRB5 (setcred):
kmd get failed, kmd=0x0
Jul 27 03:10:00 sitom5 cron[12637]: [ID 735350 user.debug] PAM-KRB5 (setcred):
end: Can not retrieve user credentials
Jul 27 03:10:00 sitom5 cron[12637]: [ID 148122 auth.debug] PAM[12637]:
pam_setcred(33a20, 1): error Can not retrieve user credentials
Jul 27 03:10:00 sitom5 cron[12637]: [ID 543916 auth.debug] PAM[12637]:
pam_set_item(33a20:authtok)
Jul 27 03:10:00 sitom5 cron[12637]: [ID 295251 auth.debug] PAM[12637]:
pam_end(33a20): status = Can not retrieve user credentials
Jul 27 03:30:00 sitom5 cron[12656]: [ID 215329 auth.debug] PAM[12656]:
pam_start(cron,root,2cfc8:33a68) - debug = 1
Jul 27 03:30:00 sitom5 cron[12656]: [ID 298156 auth.debug] PAM[12656]:
pam_set_item(33a68:service)
Jul 27 03:30:00 sitom5 cron[12656]: [ID 298156 auth.debug] PAM[12656]:
pam_set_item(33a68:user)
Jul 27 03:30:00 sitom5 cron[12656]: [ID 298156 auth.debug] PAM[12656]:
pam_set_item(33a68:conv)
Jul 27 03:30:00 sitom5 cron[12656]: [ID 554973 auth.debug] PAM[12656]:
pam_acct_mgmt(33a68, 0)
Jul 27 03:30:00 sitom5 cron[12656]: [ID 962915 auth.debug] PAM[12656]:
load_modules(33a68, pam_sm_acct_mgmt)=/usr/lib/security/pam_unix_account.so.1
Jul 27 03:30:00 sitom5 cron[12656]: [ID 565774 auth.debug] PAM[12656]:
load_function: successful load of pam_sm_acct_mgmt
Jul 27 03:30:00 sitom5 cron[12656]: [ID 554973 auth.debug] PAM[12656]:
pam_setcred(33a68, 1)
Jul 27 03:30:00 sitom5 cron[12656]: [ID 962915 auth.debug] PAM[12656]:
load_modules(33a68, pam_sm_setcred)=/usr/lib/security/pam_authtok_get.so.1
Jul 27 03:30:00 sitom5 cron[12656]: [ID 565774 auth.debug] PAM[12656]:
load_function: successful load of pam_sm_setcred
Jul 27 03:30:00 sitom5 cron[12656]: [ID 962915 auth.debug] PAM[12656]:
load_modules(33a68, pam_sm_setcred)=/usr/lib/security/pam_dhkeys.so.1
Jul 27 03:30:00 sitom5 cron[12656]: [ID 565774 auth.debug] PAM[12656]:
load_function: successful load of pam_sm_setcred
Jul 27 03:30:00 sitom5 cron[12656]: [ID 962915 auth.debug] PAM[12656]:
load_modules(33a68, pam_sm_setcred)=/usr/lib/security/pam_krb5.so.1
Jul 27 03:30:00 sitom5 cron[12656]: [ID 565774 auth.debug] PAM[12656]:
load_function: successful load of pam_sm_setcred
Jul 27 03:30:00 sitom5 cron[12656]: [ID 962915 auth.debug] PAM[12656]:
load_modules(33a68, pam_sm_setcred)=/usr/lib/security/pam_unix_cred.so.1
Jul 27 03:30:00 sitom5 cron[12656]: [ID 565774 auth.debug] PAM[12656]:
load_function: successful load of pam_sm_setcred
Jul 27 03:30:00 sitom5 cron[12656]: [ID 962915 auth.debug] PAM[12656]:
load_modules(33a68, pam_sm_setcred)=/usr/lib/security/pam_unix_auth.so.1
Jul 27 03:30:00 sitom5 cron[12656]: [ID 565774 auth.debug] PAM[12656]:
load_function: successful load of pam_sm_setcred
Jul 27 03:30:00 sitom5 cron[12656]: [ID 629253 user.debug] PAM-KRB5 (setcred):
start: nowarn = 0, flags = 0x1
Jul 27 03:30:00 sitom5 cron[12656]: [ID 533443 user.debug] PAM-KRB5 (setcred):
kmd get failed, kmd=0x0
Jul 27 03:30:00 sitom5 cron[12656]: [ID 735350 user.debug] PAM-KRB5 (setcred):
end: Can not retrieve user credentials
Jul 27 03:30:00 sitom5 cron[12656]: [ID 140442 auth.debug] PAM[12656]:
pam_setcred(33a68, 1): error Can not retrieve user credentials
Jul 27 03:30:00 sitom5 cron[12656]: [ID 298156 auth.debug] PAM[12656]:
pam_set_item(33a68:authtok)
Jul 27 03:30:00 sitom5 cron[12656]: [ID 337306 auth.debug] PAM[12656]:
pam_end(33a68): status = Can not retrieve user credentials

What am I doing wrong?

thanks a lot,
christian

krb5.conf is:
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)krb5.conf 1.3 04/03/25 SMI"
#

# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network.
#
[libdefaults]
        ticket_lifetime = 24000
        default_realm = <my-domain>
        dns_lookup_realm = false
        dns_lookup_kdc = false

[realms]
        EXAMPLE.COM = {
                kdc = kerberos.example.com:88
                admin_server = kerberos.example.com:749
                default_domain = example.com
        }

        <my-domain> = {
                kdc = <my-kdc>
                admin_server = <my-kdc>
        }

[domain_realm]
        .example.com = EXAMPLE.COM
        example.com = EXAMPLE.COM

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

                period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable = true
        }
        pam = {
                debug = true
                ticket_lifetime = 36000
                renew_lifetime = 36000
                forwardable = true
                krb4_convert = false
        }
        gkadmin = {
                help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
        }

and pam.conf:
#
#ident "@(#)pam.conf 1.28 04/04/21 SMI"
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_cred.so.1
login auth sufficient pam_krb5.so.1 debug
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1 debug
krlogin auth required pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1 debug
krsh auth required pam_unix_auth.so.1
#
# Kerberized telnet service
#
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1 debug
ktelnet auth required pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth binding pam_krb5.so.1 debug
other auth required pam_unix_cred.so.1
other auth required pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd auth required pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron account required pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other account requisite pam_roles.so.1
other account required pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other session required pam_unix_session.so.1
#
# Default definition for Password management
# Used when service name is not explicitly mentioned for password management
#
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
#
# Support for Kerberos V5 authentication and example configurations can
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
#

___________________________________________________________

        Christian Masopust

        SIEMENS AG PSE SMC CI E CM
        Tel: +43 (0) 5 1707 26866
        E-mail: christian.masopust@siemens.com
        Addr: Austria, 1210 Vienna, Siemensstraße 90-92, B. 33, Rm. 243

        Company: Siemens Aktiengesellschaft Österreich, legal form: Aktiengesellschaft,
        registered office: Vienna, commercial register number: FN 60562 m,
        commercial register court: Handelsgericht Wien, DVR 0001708
        ___________________________________________________________
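
A triage sketch for the log in this post, added here as an example and not part of the original message: it re-joins the mail-wrapped syslog records and reports, per process, how far pam_krb5 got. In the sshd trace the password exchange with the KDC returns SUCCESS and the failure is in krb5_verify_init_creds, the step that checks the new TGT against the host's own key. The function and field names are assumptions of this example; the sample records are copied from the post.

```python
import re

TS = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"
STARTS = re.compile(rf"^{TS} ")
# timestamp, host, process, pid, facility.level, message
HEADER = re.compile(rf"^({TS}) (\S+) ([\w.-]+)\[(\d+)\]: \[ID \d+ ([\w.]+)\] (.*)$")

# pam_krb5 messages of interest, as they appear in the post's debug output.
PATTERNS = {
    "user": r"attempt_krb5_auth: start: user='([^']*)'",
    "as_exchange": r"krb5_get_init_creds_password returns: (\S+)",
    "verify_error": r"krb5_verify_init_creds failed: (.+)$",
    "pam_code": r"attempt_krb5_auth returning (\d+)",
}

# Records copied from the post, still wrapped the way the mail client left them.
SAMPLE = """\
Jul 26 22:01:29 sitom5 sshd[12472]: [ID 537602 auth.error] PAM-KRB5 (auth):
krb5_verify_init_creds failed: No such file or directory
Jul 26 22:03:35 sitom5 last message repeated 1 time
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 549540 auth.debug] PAM-KRB5 (auth):
attempt_krb5_auth: start: user='atw10s35'
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 179272 auth.debug] PAM-KRB5 (auth):
attempt_krb5_auth: krb5_get_init_creds_password returns: SUCCESS
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 537602 auth.error] PAM-KRB5 (auth):
krb5_verify_init_creds failed: No such file or directory
Jul 26 22:03:35 sitom5 sshd[12506]: [ID 833335 auth.debug] PAM-KRB5 (auth):
attempt_krb5_auth returning 4
""".splitlines()


def unwrap(lines):
    """Re-join records whose tail was wrapped onto the following line."""
    records = []
    for line in lines:
        if not line.strip():
            continue
        if STARTS.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records


def triage(lines):
    """Return one summary per process that logged PAM-KRB5 (auth) messages."""
    sessions = {}
    for rec in unwrap(lines):
        m = HEADER.match(rec)
        if not m or "PAM-KRB5 (auth)" not in m[6]:
            continue  # e.g. "last message repeated" or other modules
        s = sessions.setdefault(
            m[4], {"proc": m[3], "pid": m[4], **dict.fromkeys(PATTERNS)})
        for field, pat in PATTERNS.items():
            hit = re.search(pat, m[6])
            if hit:
                s[field] = hit[1].strip()
    for s in sessions.values():
        if s["verify_error"]:
            s["stage"] = "verify"        # TGT obtained, local verification failed
        elif s["as_exchange"] == "SUCCESS":
            s["stage"] = "ok"
        elif s["as_exchange"]:
            s["stage"] = "as_exchange"   # KDC rejected or was unreachable
        else:
            s["stage"] = "unknown"
    return list(sessions.values())


if __name__ == "__main__":
    for s in triage(SAMPLE):
        print(s)
```
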

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:09 EDT