
kerberos: how to create krb5cc cache


steve

Apr 12, 2013, 12:00:00 PM
to kerb...@mit.edu
openSUSE 12.3 clients joined to a Samba4 Domain

Hi everyone

We are using the cifs multiuser option with sec=krb5. This requires the
user to have a ticket cache under /tmp.
I know we can get that by using kinit, but I hear rumours that pam can
do it upon successful authentication.

Can anyone point me in the right direction?
Cheers,
Steve

Tomas Kuthan

Apr 12, 2013, 12:11:39 PM
to kerb...@mit.edu
On 04/12/13 18:00, steve wrote:
> We are using the cifs multiuser option with sec=krb5. This requires the
> user to have a ticket cache under /tmp
> I know we can get that by using kinit, But I hear rumours that pam can
> do it upon successful authentication.
>
> Can anyone point me in the right direction?

Google for pam_krb5 module.

Tomas

steve

Apr 12, 2013, 3:29:12 PM
to kerb...@mit.edu
Hi
Thanks. pam_krb5 works fine. On openSUSE 12.3 the cache is created
automatically upon login. On Ubuntu it isn't. We have to cater for both
distros at the moment. Any Ubuntu krb5 users?
Cheers,
Steve

Russ Allbery

Apr 12, 2013, 4:00:29 PM
to steve, kerb...@mit.edu
steve <st...@steve-ss.com> writes:

> Thanks. pam_krb5 works fine. on openSUSE 12.3 the cache is created
> automatically upon login. On Ubuntu it isn't. We have to cater for both
> distros at the moment. Any Ubuntu krb5 users?

Yes, lots.

Sounds like you don't have libpam-krb5 configured properly on your Ubuntu
systems. Have you installed the package? Are you using pam-auth-update
and letting it update your PAM configuration or are you maintaining a
local PAM configuration? What's the UID of the user?

--
Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/>

steve

Apr 12, 2013, 5:10:34 PM
to Russ Allbery, kerb...@mit.edu
On 04/12/2013 10:00 PM, Russ Allbery wrote:
> steve <st...@steve-ss.com> writes:
>
>> Thanks. pam_krb5 works fine. on openSUSE 12.3 the cache is created
>> automatically upon login. On Ubuntu it isn't. We have to cater for both
>> distros at the moment. Any Ubuntu krb5 users?
> Yes, lots.
>
> Sounds like you don't have libpam-krb5 configured properly on your Ubuntu
> systems. Have you installed the package? Are you using pam-auth-update
> and letting it update your PAM configuration or are you maintaining a
> local PAM configuration? What's the UID of the user?
>
Hi Russ

Thanks. Your last question led us to the answer. Our common-auth has:
auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000000
Something to do with local and AD users overlap. Our test user was 20000 :(

Sorry, and hope I've not wasted too much of your time.
Steve

Russ Allbery

Apr 12, 2013, 5:17:02 PM
to steve, kerb...@mit.edu
steve <st...@steve-ss.com> writes:

> Thanks. Your last question led us to the answer. Our common-auth has:
> auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000000
> Something to do with local and AD users overlap. Our test user was 20000 :(

> Sorry, and hope I've not wasted too much of your time.

Oh, not a problem at all. I had a sneaking suspicion that might be the
issue. That setting tends to bite people.
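
A check for the pitfall this thread ended on, as an added example that is not part of any poster's message: it reads a PAM stack file, finds the pam_krb5.so entries and reports whether a given UID falls below minimum_uid and is therefore ignored by the module. The sample file content is constructed around the common-auth line quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the common-auth line quoted in the thread plus typical neighbours.
SAMPLE_COMMON_AUTH = """\
# /etc/pam.d/common-auth (constructed sample)
auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000000
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
"""

def parse_pam_line(line):
    """Split one PAM config line into (type, control, module, args), or None."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    # The control field is either one word or a bracketed [value=action ...] list.
    m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$", line)
    if not m:
        return None  # e.g. "@include common-auth" lines are not module entries
    kind, control, module, rest = m.groups()
    return kind.lstrip("-"), control, module, rest.split()

def krb5_minimum_uids(pam_text):
    """Return [(type, minimum_uid)] per pam_krb5 entry; 0 means the option is absent."""
    found = []
    # Join backslash-continued lines before parsing.
    for raw in pam_text.replace("\\\n", " ").splitlines():
        parsed = parse_pam_line(raw)
        if not parsed or not parsed[2].endswith("pam_krb5.so"):
            continue
        kind, _, _, args = parsed
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        found.append((kind, int(opts.get("minimum_uid", 0))))
    return found

def skipped_for(uid, pam_text):
    """PAM types in which pam_krb5 ignores this UID (uid below minimum_uid)."""
    return [kind for kind, min_uid in krb5_minimum_uids(pam_text) if uid < min_uid]

if __name__ == "__main__":
    for uid in (20000, 1000000):
        print(uid, "skipped in:", skipped_for(uid, SAMPLE_COMMON_AUTH) or "nothing")
```

On a real system, pass the contents of the relevant /etc/pam.d file and the output of `id -u <user>` instead of the constructed sample.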