Took a different approach. I started with the baseline /etc/pam.conf and began adding Kerberos lines to it rather than trying to figure out what part of my config was wrong. Now, auth works and no more errors!
On Mon, Nov 15, 2010 at 7:50 PM, Patrick O'Sullivan <ir...@insaneirish.com> wrote: > Thanks for the idea. I will see how I can go about that. > > I just downloaded Solaris 11 Express and duplicated the error. Auth > works, but same message at every login. > > On Sun, Nov 14, 2010 at 4:57 AM, Chris Ridd <chrisr...@mac.com> wrote: >> >> On 14 Nov 2010, at 00:15, Patrick O'Sullivan wrote: >> >>> Hello all, >>> >>> I successfully have gotten authentication to an AD Kerberos server >>> working along with uid/gid resolution from AD LDAP. However, I am >>> getting a strange PAM error and the only reference I can find for it >>> is in the OpenSolaris PAM source code. >>> >>> r...@oitest1:~# uname -a >>> SunOS oitest1 5.11 oi_147 i86pc i386 i86pc Solaris >>> >>> Now, logging in from another machine: >>> >>> $ ssh user...@oitest1 >>> Password: >>> Your Kerberos account/password will expire in 9801 days. >>> >>> >>> Last login: Sat Nov 13 13:42:30 2010 from 10.128.6.55 >>> OpenIndiana SunOS 5.11 oi_147 September 2010 >>> -bash-4.0$ id >>> uid=20002(userfoo) gid=30000(staff) >>> -bash-4.0$ getent passwd userfoo >>> userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash >>> >>> Now, the weird part. At the time of logging in, I get the following log >>> entry: >>> >>> Nov 13 13:45:25 oitest1 sshd[3925]: [ID 414352 auth.error] >>> /etc/pam.conf no initial module present >>> Nov 13 13:47:09 oitest1 last message repeated 3 times >>> Nov 13 13:47:11 oitest1 sshd[3945]: [ID 414352 auth.error] >>> /etc/pam.conf no initial module present >>> >>> Here's my /etc/pam.conf: >>> >>> r...@oitest1:~# egrep -v "^\#" /etc/pam.conf >>> login auth requisite pam_authtok_get.so.1 >>> login auth required pam_dhkeys.so.1 >>> login auth required pam_unix_cred.so.1 >>> login auth sufficient pam_krb5.so.1 >>> login auth required pam_unix_auth.so.1 >>> login auth required pam_dial_auth.so.1 >>> other auth requisite pam_authtok_get.so.1 >>> other auth required pam_dhkeys.so.1 >>> other auth required pam_unix_cred.so.1 >>> other auth sufficient pam_krb5.so.1 >>> other auth required pam_unix_auth.so.1 >>> other account requisite pam_roles.so.1 >>> other account required pam_unix_account.so.1 >>> other account required pam_krb5.so.1 >>> other password required pam_dhkeys.so.1 >>> other password requisite pam_authtok_get.so.1 >>> other password requisite pam_authtok_check.so.1 >>> other password sufficient pam_krb5.so.1 >>> other password required pam_authtok_store.so.1 >>> >>> P.S. I also get this when logging in directly from console, except the >>> error is associated with login instead of sshd. >>> >>> Anyone have any thoughts? Thanks in advance. >> >> No real ideas - pam's a bit of a mystery to me - but could you get dtrace to >> help? Get a stack trace on the failing call to run_stack (which is what >> outputs that error) and maybe that gives an idea of which part of pam.conf >> is wrong. >> >> Cheers, >> >> Chris >> >> > _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
