Solaris 9 PAM problem

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Solaris 9 PAM problem

Wachdorf, Daniel R
I am trying to setup pam (with su for starters) on a solaris 9 system.
Its up to date with all the recommended patches.  

I have a valid krb5.conf file in /etc/ and sym-linked to
/etc/krb5/krb5.conf.  It has the following in libdefaults:
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc

I created a keytab and symlinked it to /etc/krb5/krb5.keytab.

# klist -e -k /etc/krb5/krb5.keytab
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
----
------------------------------------------------------------------------
--
   2 host/[hidden email] (DES-CBC-CRC)
   2 host/[hidden email] (DES-CBC-MD5)

I have my /etc/hosts file with (IP address X to protect the innocent):

# cat /etc/hosts
#
# Internet host table
#
127.0.0.1       localhost
134.253.X.X  vmtest2c.sandia.gov vmtest2c    loghost

I added the following to my pam.conf:

su   auth sufficient         pam_krb5.so.1
su   account sufficient      pam_krb5.so.1

When I go to su as a Kerberos account I get:

bash-2.05$ su drwachdz
Enter Kerberos password for drwachdz:
authentication failed:  Bad encryption type

The log files show:
Jun 29 16:35:06 vmtest2c su: [ID 537602 auth.error] PAM-KRB5 (auth):
krb5_verify_init_creds failed: Bad encryption type

Any ideas?

-dan
--------------------------------------
Daniel Wachdorf
[hidden email]
Sandia National Laboratories
Cyber Security Technologies
505-284-8060


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Solaris 9 pam problem

Wachdorf, Daniel R
I am trying to setup pam (with su for starters) on a solaris 9 system.
Its up to date with all the recommended patches.  

I have a valid krb5.conf file in /etc/ and sym-linked to
/etc/krb5/krb5.conf.  It has the following in libdefaults:
default_tkt_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc

I created a keytab and symlinked it to /etc/krb5/krb5.keytab.

# klist -e -k /etc/krb5/krb5.keytab
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
----
------------------------------------------------------------------------
--
   2 host/[hidden email] (DES-CBC-CRC)
   2 host/[hidden email] (DES-CBC-MD5)

I have my /etc/hosts file with (IP address X to protect the innocent):

# cat /etc/hosts
#
# Internet host table
#
127.0.0.1       localhost
134.253.X.X  vmtest2c.sandia.gov vmtest2c    loghost

I added the following to my pam.conf:

su   auth sufficient         pam_krb5.so.1
su   account sufficient      pam_krb5.so.1

When I go to su as a Kerberos account I get:

bash-2.05$ su drwachdz
Enter Kerberos password for drwachdz:
authentication failed:  Bad encryption type

The log files show:
Jun 29 16:35:06 vmtest2c su: [ID 537602 auth.error] PAM-KRB5 (auth):
krb5_verify_init_creds failed: Bad encryption type

Any ideas?

-dan


--------------------------------------
Daniel Wachdorf
[hidden email]
Sandia National Laboratories
Cyber Security Technologies
505-284-8060


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos