[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pam_krb5+Debian's login+telnet breaks!
>>>>> "Johan" == Johan Danielsson <joda@pdc.kth.se> writes:
Johan> Looks like some weird interaction. What happens if you
Johan> start a root shell and try manually running login (as
Johan> invoked by telnetd)?
You mean like this:
snoopy:~# /bin/login -h 202.12.87.129 -p -f -- bam
Authentication service cannot retrieve user credentials
strace says:
[...]
open("/etc/krb5.conf", O_RDONLY) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=599, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
read(5, "[libdefaults]\ndefault_realm=CHOC"..., 4096) = 599
brk(0x8066000) = 0x8066000
read(5, "", 4096) = 0
close(5) = 0
munmap(0x40014000, 4096) = 0
geteuid() = 0
getegid() = 100
setresuid(ruid 4294967295, euid 0, suid 4294967295) = 0
setregid(4294967295, 100) = 0
write(2, "\nAuthentication service cannot r"..., 57
[...]
Ohh - and something else. If I change:
auth required pam_krb5.so
to:
auth sufficient pam_krb5.so
auth required pam_unix.so nullok
it works too.
--
Brian May <bam@snoopy.apana.org.au>