On 02/01/2012 06:46 PM, steve wrote: > This is my first post here so hi everyone. > > We have a Lan of Linux and win 7 boxes under a Samba 4 pdc. On Linux, > our Kerberos password does not unlock xscreensaver. We get > 'Authentication failed'. > > openSUSE 12.1. a few files: > > /etc/krb5.conf > [libdefaults] > default_realm = HH3.SITE > dns_lookup_realm = false > dns_lookup_kdc = true > clockskew = 300 > [domain_realm] > .hh3.site = HH3.SITE > [realms] > HH3.SITE = { > kdc = 192.168.1.3 > default_domain = hh3.site > admin_server = 192.168.1.3 > } > [appdefaults] > pam = { > ticket_lifetime = 1d > renew_lifetime = 1d > forwardable = true > proxiable = false > minimum_uid = 1 > clockskew = 300 > external = sshd > use_shmem = sshd > } > > /etc/pam.d/common-auth > auth required pam_env.so > auth optional pam_gnome_keyring.so > auth sufficient pam_unix2.so > auth required pam_krb5.so > auth required pam_ldap.so use_first_pass > > /etc/pam.d/xscreensaver > auth include common-auth > account include common-account > password include common-password > session include common-session > > Any ideas anyone? > Thanks, > Steve OK I've now seen that the xscreensaver shipped with openSUSE 12.1 does not support Krb5. Fine. I installed gnome-screensaver. Still no go. So I tried gnome-screensaver with Kerberos auth on Ubuntu. _It worked_. The common-auth on Ubuntu has this:
auth required pam_env.so auth optional pam_gnome_keyring.so auth sufficient pam_unix2.so auth required pam_krb5.so Which doesn't work when copied to openSUSE Can I conclude: 1. the fault is not with Kerberos 2. pam is at fault on openSUSE 3. gnome-screensaver is at fault with openSUSE Any ideas anyone? Thanks, Steve ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos