[sudo-users] sudo, pam_krb5 and NFSv4
Timo Aaltonen
tjaalton at cc.hut.fi
Thu Mar 16 02:08:46 EST 2006
Hi!
I'm trying to get sudo (Ubuntu Dapper, 1.6.8p12, compiled --with-kerb5)
working so that I can access NFSv4 disks that are mounted with krb5-security,
but haven't succeeded yet..
debug :
Mar 15 16:55:36 nexus6 sudo: (pam_krb5): none: pam_sm_authenticate: entry
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: pam_sm_authenticate: exit (success)
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): none: pam_sm_acct_mgmt: entry
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: pam_sm_acct_mgmt: exit (success)
auth.log :
Mar 15 16:55:38 nexus6 sudo: tjaalton : TTY=pts/1 ; PWD=/m/fs/lk/lk/tjaalton ; USER=root ; COMMAND=/bin/zsh
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): none: pam_sm_setcred: entry (0x2)
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: pam_sm_setcred: initializing cred cache /tmp/krb5cc_26200_ED809M
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: pam_sm_setcred: exit (success)
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: krb5_cc_destroy: ctx->cache: /tmp/krb5cc_26200_ED809M
common-auth:
auth sufficient pam_krb5.so ignore_root forwardable debug
auth sufficient pam_unix.so try_first_pass nullok_secure
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
common-account:
account required pam_krb5.so ignore_root debug
account [perm_denied=1 default=ignore] pam_access.so
account required pam_ldap.so ignore_unknown_user
account required pam_unix.so
common-session:
session optional pam_krb5.so ignore_root debug
session required pam_unix.so
I was told by the pam_krb5 packager, that the problem is sudo closing the
session right after opening it. What do you think?
t
More information about the sudo-users
mailing list