[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pam_krb5+Debian's login+telnet breaks!

To: heimdal-discuss@sics.se
Subject: pam_krb5+Debian's login+telnet breaks!
From: Brian May <bam@snoopy.apana.org.au>
Date: 18 Nov 2000 15:18:02 +1100
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Capitol Reef)

snoopy# /usr/lib/heimdal-servers/telnetd -debug 8023 -L /bin/login
telnetd: socket: Invalid argument
snoopy# 

[519] [snoopy:bam] ~/source/notmine/libpam-heimdal-1.0 >telnet snoopy 8023     
Encryption is verbose
Trying 202.12.87.129...
Connected to snoopy.
Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
[ Kerberos V5 accepts you as ``bam@CHOCBIT.ORG.AU'' ]
[ Input is now decrypted with type DES_CFB64 ]
[ Output is now encrypted with type DES_CFB64 ]
Debian GNU/%s 2.2 %h

Authentication service cannot retrieve user credentials
Connection closed by foreign host.

Notes:

1. use pam_unix instead of pam_krb5, and it works *OR*
2. use Heimdal's login instead of Debian's, and it works *OR*
3. use Debian's login on console instead of via telnet, and it works.

My guess is that this is a bug in Debian's login, as it doesn't
understand that the user is already logged in. I don't understand how
it would work with pam_unix though.

Another issue: Is it possible to use pam_krb5 for console connections,
but not telnet connections? I think I saw this discussed somewhere,
but I can't remember where.
-- 
Brian May <bam@snoopy.apana.org.au>

Follow-Ups:
- Re: pam_krb5+Debian's login+telnet breaks!
  - From: Brian May <bam@snoopy.apana.org.au>
- Re: pam_krb5+Debian's login+telnet breaks!
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: Re: Linux PAM kerberos module
Next by Date: Re: pam_krb5+Debian's login+telnet breaks!
Prev by thread: Re: LDAP+Kerberos
Next by thread: Re: pam_krb5+Debian's login+telnet breaks!
Index(es):
- Date
- Thread