
Pam, Heimdal



Hello List,

this has probably been asked a million times, but I have not yet
read a complete answer to this. If there is one, please correct my
ignorance.

I need a setup for several Linux computers with PAM & Heimdal. I
tried every pam_krb5 module I could find (I think that was F.
Cusack's (with and without the Debian patches) and kpam) to set up
rules that would let root log in based on Unix-based authentication
and Kerberos users via pam_krb5.

Now I already fail somewhat earlier. When I try to log in on the console
of one of the clients I get:

2002-11-19T14:46:24 AS-REQ root@LABIX from IPv4:192.168.0.7 for krbtgt/LABIX@LABIX
2002-11-19T14:46:24 UNKNOWN -- root@LABIX: No such entry in the database

in kdc.log. That is when I log in as "vvs", a user who has an entry
in the Kerberos db and can also kinit on a client:

2002-11-19T15:35:16 AS-REQ vvs@LABIX from IPv4:192.168.0.7 for krbtgt/LABIX@LABIX
2002-11-19T15:35:16 TGS-REQ vvs@LABIX from IPv4:192.168.0.7 for krbtgt/LABIX@LABIX
2002-11-19T15:35:16 524-REQ vvs@LABIX from IPv4:192.168.0.7 for krbtgt/LABIX@LABIX
2002-11-19T15:35:16 TGS-REQ vvs@LABIX from IPv4:192.168.0.7 for afs@LABIX
2002-11-19T15:35:16 524-REQ vvs@LABIX from IPv4:192.168.0.7 for afs@LABIX

As far as I can see, the problem is that PAM maps all users to
root.

Strangely, as soon as there is /etc/krb5cc_0 (created when I
kinited as root), login works. But since my UID for vvs is 1005, I
don't own a ticket.

I am probably doing something fundamentally wrong; could you please
enlighten me?

Thanks,
Valentin

PS: I run Debian 3.0 and Heimdal 0.5.1. The PAM module I use is
pam_krb5 by Leif Johansson <leifj@matematik.su.se>.




-- 
Until the color of a man's skin is of no more significance 
than the color of his eyes - everywhere is war.

http://www.germanistik.fu-berlin.de/~luisxiv/
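
Added example, not part of the original message: a small parser for the kdc.log lines quoted above that reports, per client address, which principal each AS-REQ actually named and whether the KDC logged an error for it, so the principal the PAM module requested can be compared with the login name typed at the console. The function names are hypothetical and the sample input is constructed from the log lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the kdc.log lines quoted in the post, wrapped lines re-joined.
SAMPLE_LOG = """\
2002-11-19T14:46:24 AS-REQ root@LABIX from IPv4:192.168.0.7 for krbtgt/LABIX@LABIX
2002-11-19T14:46:24 UNKNOWN -- root@LABIX: No such entry in the database
2002-11-19T15:35:16 AS-REQ vvs@LABIX from IPv4:192.168.0.7 for krbtgt/LABIX@LABIX
2002-11-19T15:35:16 TGS-REQ vvs@LABIX from IPv4:192.168.0.7 for krbtgt/LABIX@LABIX
2002-11-19T15:35:16 524-REQ vvs@LABIX from IPv4:192.168.0.7 for krbtgt/LABIX@LABIX
2002-11-19T15:35:16 TGS-REQ vvs@LABIX from IPv4:192.168.0.7 for afs@LABIX
2002-11-19T15:35:16 524-REQ vvs@LABIX from IPv4:192.168.0.7 for afs@LABIX
"""

REQ = re.compile(r"^(\S+) (AS-REQ|TGS-REQ|524-REQ) (\S+) from (\S+) for (\S+)$")
UNKNOWN = re.compile(r"^(\S+) UNKNOWN -- (\S+): (.+)$")

def parse_kdc_log(text):
    """Return one dict per request line; an UNKNOWN line marks the
    most recent AS-REQ for the same principal as failed."""
    requests = []
    for line in text.splitlines():
        line = line.strip()
        m = REQ.match(line)
        if m:
            ts, kind, client, src, server = m.groups()
            requests.append({"time": ts, "type": kind, "client": client,
                             "source": src, "server": server, "error": None})
            continue
        m = UNKNOWN.match(line)
        if m:
            _, principal, reason = m.groups()
            for req in reversed(requests):
                if (req["type"] == "AS-REQ" and req["client"] == principal
                        and req["error"] is None):
                    req["error"] = reason
                    break
    return requests

def principals_by_source(requests):
    """Map source address -> {principal: error text or 'no error logged'} for AS-REQs."""
    seen = defaultdict(dict)
    for req in requests:
        if req["type"] == "AS-REQ":
            seen[req["source"]][req["client"]] = req["error"] or "no error logged"
    return {src: dict(p) for src, p in seen.items()}

if __name__ == "__main__":
    for src, principals in principals_by_source(parse_kdc_log(SAMPLE_LOG)).items():
        for principal, status in principals.items():
            print(f"{src}: AS-REQ as {principal} -> {status}")
```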