On Mon, 21 Aug 2006 05:02:06 +0100 (BST)
sayali k <[EMAIL PROTECTED]> wrote:
> Hi Michael,
> From what I know about Kerberos and the configurations for the same,
> ideally there is one more section which I feel should be included in the
> krb5.conf file. It is called the libdefaults section where we can specify the
> default values for some of the parameters like the domain name, ticket
> lifetime etc. The section looks something like this:
>
> [libdefaults]
> default_realm = MYDOMAIN.COM
<snip>
> Can you try adding the libdefaults section as well in the krb5.conf file?
>
With a libdefaults section I no longer see any _kerberos.foo.net TXT
lookups so the change definitely had an effect. Unfortunately the capture
also shows it still doesn't attempt to communicate with the KDC at all.
That was using pam.d/sshd. I tried telnet with a pam.d/telnet but for
some reason the file is ignored. Are xinetd services handled special? Does
a localhost logon bypass pam?
If I add [appdefaults] pam = { debug = true }, add *.debug to
/etc/syslog.conf and restart syslog I should see some debugging output
but I get absolutely nothing.
And I thought I was good at Linux stuff.
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
