Samba 2.2.X, PAM and Kerberos5
vorlon at netexpress.net
Wed May 15 07:26:02 GMT 2002
On Wed, May 15, 2002 at 04:20:36PM +1000, Bogdan Iamandei wrote:
> I am trying to put together the latest samba 2.2 from CVS, PAM
> and Kerberos5 on a Solaris8 platform. Although it does compile fine,
> attempting to make it work through pam_krb5 fails miserably.
> I have configured the /etc/pam.conf to read:
> # Samba Auth
> samba auth required /usr/lib/security/pam_krb5.so.1
> samba account required /usr/lib/security/pam_krb5.so.1
> samba session required /usr/lib/security/pam_krb5.so.1
> samba password required /usr/lib/security/pam_krb5.so.1
> The messages I receive in the logs are like this:
> [2002/05/15 15:30:27, 0] passdb/pampass.c:smb_pam_conv(125)
> smb_pam_conv: PAM on this system is broken - appdata_ptr == NULL !
> [2002/05/15 15:30:27, 0] passdb/pampass.c:smb_pam_passcheck(827)
> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User username !
> For some reason - it appears that only samba has this problem, proftpd
> or telnet or just about any other application work fine against
> My questions are:
> 0). Are the lines in my pam.conf correct?
> 1). Is this a bug or a feature? :)
> 2). Is the Sun's PAM/Kerberos5 implementation b0rken?
> 3). If 2) is true - how comes the other applications are not failing?:)
> 4). Any ideeas on how to circumvent this... unpleasant b0rkeness?
As far as it goes, your above configuration looks correct. Have you
checked wherever your syslog auth facility logs to, to see if pam_krb5
is logging any information that might be useful?
Are you using the Solaris pam_krb5 module, or a third-party module?
I'm not sure why the 'appdata_ptr == NULL' check is there, but I seem to
remember that it's true that Solaris does not honor the appdata_ptr
field. If Samba now depends on sane handling of appdata_ptr, then it's
likely that this won't work on Solaris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020515/ed3fd740/attachment.bin
More information about the samba-technical