Samba 2.2.X, PAM and Kerberos5
Bogdan Iamandei
bogdan at its.uq.edu.au
Tue May 14 23:25:01 GMT 2002
Hi,
I am trying to put together the latest samba 2.2 from CVS, PAM
and Kerberos5 on a Solaris8 platform. Although it does compile fine,
attempting to make it work through pam_krb5 fails miserably.
I have configured the /etc/pam.conf to read:
# Samba Auth
samba auth required /usr/lib/security/pam_krb5.so.1
samba account required /usr/lib/security/pam_krb5.so.1
samba session required /usr/lib/security/pam_krb5.so.1
samba password required /usr/lib/security/pam_krb5.so.1
#
The messages I receive in the logs are like this:
[2002/05/15 15:30:27, 0] passdb/pampass.c:smb_pam_conv(125)
smb_pam_conv: PAM on this system is broken - appdata_ptr == NULL !
[2002/05/15 15:30:27, 0] passdb/pampass.c:smb_pam_passcheck(827)
smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User username !
For some reason - it appears that only samba has this problem, proftpd
or telnet or just about any other application work fine against
pam_krb5.
My questions are:
0). Are the lines in my pam.conf correct?
1). Is this a bug or a feature? :)
2). Is the Sun's PAM/Kerberos5 implementation b0rken?
3). If 2) is true - how comes the other applications are not failing?:)
4). Any ideeas on how to circumvent this... unpleasant b0rkeness?
Regards,
Bogdan.
PS: If more info is needed - please *do ask*. I would like to have this
sorted, since it's rather important.
--
I have seen things you people wouldn't believe. Attack ships on fire
off the shoulder of Orion. I watched C-beams glitter in the dark
near the Tannhauser Gate. All those moments will be lost in time,
like tears in rain. Time to die.
More information about the samba-technical
mailing list