I am trying to setup pam (with su for starters) on a solaris 9 system. Its up to date with all the recommended patches.
I have a valid krb5.conf file in /etc/ and sym-linked to /etc/krb5/krb5.conf. It has the following in libdefaults: default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc I created a keytab and symlinked it to /etc/krb5/krb5.keytab. # klist -e -k /etc/krb5/krb5.keytab Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- ------------------------------------------------------------------------ -- 2 host/[EMAIL PROTECTED] (DES-CBC-CRC) 2 host/[EMAIL PROTECTED] (DES-CBC-MD5) I have my /etc/hosts file with (IP address X to protect the innocent): # cat /etc/hosts # # Internet host table # 127.0.0.1 localhost 134.253.X.X vmtest2c.sandia.gov vmtest2c loghost I added the following to my pam.conf: su auth sufficient pam_krb5.so.1 su account sufficient pam_krb5.so.1 When I go to su as a Kerberos account I get: bash-2.05$ su drwachdz Enter Kerberos password for drwachdz: authentication failed: Bad encryption type The log files show: Jun 29 16:35:06 vmtest2c su: [ID 537602 auth.error] PAM-KRB5 (auth): krb5_verify_init_creds failed: Bad encryption type Any ideas? -dan -------------------------------------- Daniel Wachdorf [EMAIL PROTECTED] Sandia National Laboratories Cyber Security Technologies 505-284-8060 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
