
GSSApi problems. need help



Hi,

I'm trying to set up a Kerberos client (I think I already got the
server configured) and I'm finding several problems:

(I'm doing LDAP queries to map uid and gid to user names and groups
(libnss_ldap module); these queries are authenticated using GSSAPI.)

During the startup of the client I get this in the /var/log/auth.log file:

Sep  8 01:15:19 helios dbus-daemon-1: GSSAPI Error:  Miscellaneous
failure (see text) (open(/tmp/krb5cc_0): No such file or directory)
Sep  8 01:15:20 helios last message repeated 2 times
Sep  8 01:15:22 helios exim4: GSSAPI Error:  Miscellaneous failure
(see text) (open(/tmp/krb5cc_0): No such file or directory)
Sep  8 01:15:32 helios gdm[4806]: GSSAPI Error:  Miscellaneous failure
(see text) (open(/tmp/krb5cc_0): No such file or directory)
Sep  8 01:15:37 helios gdmgreeter[4806]: GSSAPI Error:  Miscellaneous
failure (see text) (open(/tmp/krb5cc_251): No such file or directory)
Sep  8 01:17:01 helios CRON[4917]: (pam_unix) session opened for user
root by (uid=0)
Sep  8 01:17:01 helios CRON[4918]: GSSAPI Error:  Miscellaneous
failure (see text) (open(/tmp/krb5cc_0): No such file or directory)



Even though I get these errors I can log in to the system just fine, both
in the console and in GNOME (using gdm), and all the tickets of the
users are set up as they should be.

The only visible effects of this are those errors and that the gdm
user is not able to retrieve the list of the users in the system
from the LDAP server.

The thing is that two days ago everything was working smoothly, but I
don't know what I changed and now I'm getting these errors.

I hope you can shed some light on this; after trying different things I
don't know what else to do.

Thanks a lot.


This is my configuration (on the client side):

krb5.conf

[libdefaults]
        ticket_lifetime = 600
        default_realm = LDH.ES
        krb4_get_tickets=no

[realms]
        LDH.ES = {
                kdc = ganimedes.ldh.es
                admin_server = ganimedes.ldh.es
                default_domain = ldh.es
        }

[domain_realm]
        .ldh.es = LDH.ES
        ldh.es = LDH.ES

[appdefaults]
pam = {
        debug = true
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
        keytab = /etc/krb5.keytab

}


The pam.d entries for the login service are these (pam.d/login):

auth       requisite    pam_securetty.so
auth       requisite    pam_nologin.so
auth       required     pam_env.so
auth       sufficient   pam_krb5.so debug
auth       sufficient   pam_unix.so use_first_pass nullok_secure
auth       required     pam_deny.so

account    sufficient   pam_krb5.so debug
account    required     pam_unix.so

session    sufficient   pam_krb5.so debug
session    sufficient   pam_unix.so
session    optional     pam_lastlog.so
session    optional     pam_motd.so
session    optional     pam_mail.so standard noenv

This is the pam.d file for gdm (pam.d/gdm):
auth       requisite    pam_nologin.so
auth       required     pam_env.so
auth       sufficient   pam_krb5.so debug
auth       sufficient   pam_unix.so use_first_pass nullok_secure
auth       required     pam_deny.so

account    sufficient   pam_krb5.so debug
account    required     pam_unix.so

session    sufficient   pam_krb5.so debug
session    sufficient   pam_unix.so
session    required     pam_limits.so

password   sufficient   pam_krb5.so debug
password   required     pam_unix.so nullok shadow
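
An added triage example, not part of the original post: it parses the auth.log excerpt above and counts the missing-credential-cache GSSAPI failures per process and per uid taken from the krb5cc_<uid> path, folding in syslog's "last message repeated" lines. The sample lines are the post's own with the e-mail wrapping undone; the function and regex names are hypothetical.

```python
import re
from collections import Counter

# Log lines from the post above, with the e-mail line wrapping undone.
SAMPLE = """\
Sep  8 01:15:19 helios dbus-daemon-1: GSSAPI Error:  Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)
Sep  8 01:15:20 helios last message repeated 2 times
Sep  8 01:15:22 helios exim4: GSSAPI Error:  Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)
Sep  8 01:15:32 helios gdm[4806]: GSSAPI Error:  Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)
Sep  8 01:15:37 helios gdmgreeter[4806]: GSSAPI Error:  Miscellaneous failure (see text) (open(/tmp/krb5cc_251): No such file or directory)
Sep  8 01:17:01 helios CRON[4917]: (pam_unix) session opened for user root by (uid=0)
Sep  8 01:17:01 helios CRON[4918]: GSSAPI Error:  Miscellaneous failure (see text) (open(/tmp/krb5cc_0): No such file or directory)
"""

# Classic syslog header: "Mon DD HH:MM:SS host message"
HEADER = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+(?P<rest>.*)$")
# "proc[pid]: GSSAPI Error: ... (open(/path/krb5cc_<uid>): No such file ..."
CCACHE = re.compile(r"^(?P<proc>[\w.-]+)(?:\[\d+\])?: GSSAPI Error:.*"
                    r"open\(/\S*krb5cc_(?P<uid>\d+)\): No such file")
REPEAT = re.compile(r"^last message repeated (\d+) times$")


def missing_ccache(log_text):
    """Return Counter {(process, uid): failures} for missing ccache errors."""
    counts = Counter()
    last = {}  # host -> key of the previous message, used for "repeated" lines
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if not header:
            continue
        host, rest = header.group("host"), header.group("rest")
        repeat = REPEAT.match(rest)
        if repeat:
            if last.get(host):  # credit repeats to the message they repeat
                counts[last[host]] += int(repeat.group(1))
            continue
        hit = CCACHE.match(rest)
        key = (hit.group("proc"), int(hit.group("uid"))) if hit else None
        last[host] = key
        if key:
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (proc, uid), n in sorted(missing_ccache(SAMPLE).items()):
        print(f"{proc:15} uid={uid:<5} missing-ccache failures={n}")
```
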