> > I did in a previous post, but here it is again for convenience: > > > #%PAM-1.0 > > auth required /usr/pam/lib/security/pam_krb5.so > > account required /usr/pam/lib/security/pam_permit.so > > If this particular configuration doesn't work, then the > pam_krb5 module > you're using is buggy. I would recommend the OpenPAM krb5 > module based > on Frank Cusack's work, but I wouldn't swear that it doesn't > also have > this bug at present -- the devel team talked about making sure the > module worked without local accounts, but I don't know that it's ever > been committed to CVS. > > Kick me if you don't hear back from me on this in a day or so -- I'll > take a look at what we have in the pam_krb5 CVS repository > and fix it if > it isn't already taken care of.
I've built an entirely new RedHat 7.2 box (which comes with pam_krb5, etc. etc.), fully patched and all. I'm going to try it once more on this box before moving on to another problem... I can't get rlm_krb5 to build properly. No matter what I do, configure can't seem to find libkrb5: checking for krb5.h... no checking for krb5_encrypt_data in -lk5crypto... no checking for DH_new in -lcrypto... yes checking for set_com_err_hook in -lcom_err... yes checking for krb5_init_context in -lkrb5... no configure: warning: silently not building rlm_krb5. configure: warning: FAILURE: rlm_krb5 requires: krb5. The Kerberos libraries are in /usr/kerberos/lib. That directory is listed in /etc/ld.so.conf and re-ran ldconfig just to make sure. Headers are in /usr/kerberos/include. So I tried the fist obvious thing: export LDFLAGS="-L/usr/kerberos/lib" export INCLUDES="-I/usr/kerberos/include" ./configure That worked, but when I did 'make': Making static dynamic in rlm_krb5... gmake[6]: Entering directory `/usr/src/freeradius-0.5/src/modules/rlm_krb5' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_krb5.c -o rlm_krb5.o rlm_krb5.c:39:18: krb5.h: No such file or directory rlm_krb5.c:40:21: com_err.h: No such file or directory Note that the -I/usr/kerberos/include isn't shown in the gcc line above. This smells like a configure/Makefile problem to me. --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
