[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

pam_krb5+Debian's login+telnet breaks!

snoopy# /usr/lib/heimdal-servers/telnetd -debug 8023 -L /bin/login
telnetd: socket: Invalid argument

[519] [snoopy:bam] ~/source/notmine/libpam-heimdal-1.0 >telnet snoopy 8023     
Encryption is verbose
Connected to snoopy.
Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
[ Kerberos V5 accepts you as ``bam@CHOCBIT.ORG.AU'' ]
[ Input is now decrypted with type DES_CFB64 ]
[ Output is now encrypted with type DES_CFB64 ]
Debian GNU/%s 2.2 %h

Authentication service cannot retrieve user credentials
Connection closed by foreign host.


1. use pam_unix instead of pam_krb5, and it works *OR*
2. use Heimdal's login instead of Debian's, and it works *OR*
3. use Debian's login on console instead of via telnet, and it works.

My guess is that this is a bug in Debian's login, as it doesn't
understand that the user is already logged in. I don't understand how
it would work with pam_unix though.

Another issue: Is it possible to use pam_krb5 for console connections,
but not telnet connections? I think I saw this discussed somewhere,
but I can't remember where.
Brian May <bam@snoopy.apana.org.au>