Package: libpam-krb5
Version: 1.2.0-2
Severity: normal

This is more of a documentation problem. I'm using pam_krb5 to authenticate 
against a Windows 2000 DC.

# kinit -V hildeb
Password for [EMAIL PROTECTED]:
Authenticated to Kerberos v5

works OK from that machine. But when I try to use pam_krb5, I get this in my 
log:

Jan 25 15:16:43 vpn-gw-int openvpn[1835]: (pam_krb5): none: pam_sm_authenticate: entry
Jan 25 15:16:43 vpn-gw-int openvpn[1835]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): Key table entry not found
Jan 25 15:16:43 vpn-gw-int openvpn[1835]: (pam_krb5): hildeb: pam_sm_authenticate: exit (success)
Jan 25 15:16:43 vpn-gw-int openvpn[1835]: (pam_krb5): none: pam_sm_acct_mgmt: entry

According to the docs:
krb5_kt_read_service_key() reads the key identified by (principal, vno,
 enctype) from the keytab in keyprocarg (the default if == NULL) into
 *key. Returns 0 or an error.

But even using the "debug" option doesn't tell me WHICH service is searched for.
I'm trying to use pam_krb5 for openvpn authentication:

------------ snip ------------
# PAM configuration for OpenVPN

auth                sufficient          pam_krb5.so debug ignore_root
account             required            pam_krb5.so debug ignore_root
------------ snip ------------
 
The code snippet even SAYS:
 /*
  * Do we have service/<host> keys?
  * (use default/configured keytab, kvno IGNORE_VNO to get the
  * first match, and ignore enctype.)
  */
 if ((retval = krb5_kt_read_service_key(context, NULL, princ, 0,0, &keyblock)) != 0)

"Do we have service/<host> keys?" and ALAS, I don't have them, since FOR GOD'S 
SAKE I don't know which "service" is being expected here.
It's not documented either...


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libpam-krb5 depends on:
ii  krb5-config   1.7                        Configuration files for Kerberos V
ii  libc6         2.3.5-12                   GNU C Library: Shared libraries an
ii  libcomerr2    1.38+1.39-WIP-2005.12.31-1 common error description library
ii  libkrb53      1.4.3-5                    MIT Kerberos runtime libraries
ii  libpam0g      0.79-3                     Pluggable Authentication Modules l

libpam-krb5 recommends no packages.

-- no debconf information
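
A log check built from the excerpt in this report, as an added example that is not part of the original report or of pam_krb5: it flags each authentication where the keytab lookup in verify_krb_v5_tgt() failed and pam_sm_authenticate still exited with success, as in the log above. The pid 1902 and 1950 lines, including the "exit (failure)" wording, are constructed for contrast and are assumptions.

```python
import re
from collections import defaultdict

# The pid 1835 lines are the log from the report (wrapped lines rejoined);
# the pid 1902 and 1950 lines are constructed for contrast (assumed wording).
SAMPLE_LOG = """\
Jan 25 15:16:43 vpn-gw-int openvpn[1835]: (pam_krb5): none: pam_sm_authenticate: entry
Jan 25 15:16:43 vpn-gw-int openvpn[1835]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): Key table entry not found
Jan 25 15:16:43 vpn-gw-int openvpn[1835]: (pam_krb5): hildeb: pam_sm_authenticate: exit (success)
Jan 25 15:20:01 vpn-gw-int openvpn[1902]: (pam_krb5): none: pam_sm_authenticate: entry
Jan 25 15:20:01 vpn-gw-int openvpn[1902]: (pam_krb5): alice: pam_sm_authenticate: exit (success)
Jan 25 15:21:10 vpn-gw-int openvpn[1950]: (pam_krb5): none: pam_sm_authenticate: entry
Jan 25 15:21:10 vpn-gw-int openvpn[1950]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): Key table entry not found
Jan 25 15:21:11 vpn-gw-int openvpn[1950]: (pam_krb5): bob: pam_sm_authenticate: exit (failure)
"""

# Classic syslog prefix: timestamp, host, process[pid], then the message.
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                  r"(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
EXIT = re.compile(r"^\(pam_krb5\): (?P<user>[^:]+): "
                  r"pam_sm_authenticate: exit \((?P<result>\w+)\)$")
KEYTAB_MISS = ("verify_krb_v5_tgt(): krb5_kt_read_service_key(): "
               "Key table entry not found")

def unverified_successes(log_text):
    """Return (timestamp, host, process, pid, user) for each authentication that
    exited with success after the keytab lookup in verify_krb_v5_tgt() failed."""
    missed = defaultdict(bool)  # (host, proc, pid) -> keytab miss in current attempt
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line we understand
        key = (m["host"], m["proc"], m["pid"])
        msg = m["msg"]
        if msg.endswith("pam_sm_authenticate: entry"):
            missed[key] = False  # a new attempt starts; forget older state
        elif KEYTAB_MISS in msg:
            missed[key] = True
        else:
            e = EXIT.match(msg)
            if e:
                if e["result"] == "success" and missed[key]:
                    findings.append((m["ts"], *key, e["user"]))
                missed[key] = False  # attempt finished
    return findings

if __name__ == "__main__":
    for finding in unverified_successes(SAMPLE_LOG):
        print("keytab miss followed by success:", finding)
```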

