[sudo-users] sudo, pam_krb5 and NFSv4

Timo Aaltonen tjaalton at cc.hut.fi
Thu Mar 16 02:08:46 EST 2006


 	Hi!

   I'm trying to get sudo (Ubuntu Dapper, 1.6.8p12, compiled --with-kerb5) 
working so that I can access NFSv4 disks that are mounted with krb5-security, 
but haven't succeeded yet..

debug :
Mar 15 16:55:36 nexus6 sudo: (pam_krb5): none: pam_sm_authenticate: entry
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: pam_sm_authenticate: exit (success)
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): none: pam_sm_acct_mgmt: entry
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: pam_sm_acct_mgmt: exit (success)

auth.log :
Mar 15 16:55:38 nexus6 sudo: tjaalton : TTY=pts/1 ; PWD=/m/fs/lk/lk/tjaalton ; USER=root ; COMMAND=/bin/zsh
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): none: pam_sm_setcred: entry (0x2)
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: pam_sm_setcred: initializing cred cache /tmp/krb5cc_26200_ED809M
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: pam_sm_setcred: exit (success)
Mar 15 16:55:38 nexus6 sudo: (pam_krb5): tjaalton: krb5_cc_destroy: ctx->cache: /tmp/krb5cc_26200_ED809M

common-auth:
auth    sufficient      pam_krb5.so ignore_root forwardable debug
auth    sufficient      pam_unix.so try_first_pass nullok_secure
auth    sufficient      pam_ldap.so use_first_pass
auth    required        pam_deny.so

common-account:
account required        pam_krb5.so ignore_root debug
account [perm_denied=1 default=ignore] pam_access.so
account required        pam_ldap.so ignore_unknown_user
account required        pam_unix.so

common-session:
session optional        pam_krb5.so ignore_root debug
session required        pam_unix.so


I was told by the pam_krb5 packager, that the problem is sudo closing the 
session right after opening it. What do you think?



t



More information about the sudo-users mailing list