About pam
Dominik Epple
epple at tphys.physik.uni-tuebingen.de
Sat Nov 6 10:03:43 PST 2004
Hi list,
I have a problem with pam. While trying to setup authentication against
a kerberos server, I encountered the following problem.
If I modify /etc/pam.d/login to look like (very minimalistic)
auth required pam_unix.so debug
account required pam_unix.so debug
then login on the console (into an ordinary account in the /etc files)
is (still) working properly. However, if I change the line
auth required pam_unix.so debug
to
auth sufficient pam_unix.so debug
auth required pam_deny.so debug
which should be completely equivalent to the replaced line, login fails.
In the log (/var/log/auth.log) I find
Nov 6 18:44:59 daemon login: login on ttyv0 as dominik
Nov 6 18:44:59 daemon login: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 9
Nov 6 18:44:59 daemon login: pam_setcred(): authentication error
What is happening there? Am I doing something wrong? Or is this a bug?
Regards, Dominik.
PS. The system is freshly cvsup'd, compiled and installed.
My supfile contains '*default release=cvs tag=RELENG_5_3_0_RELEASE'.
'uname -a' says 'FreeBSD daemon.intranet 5.3-RELEASE FreeBSD
5.3-RELEASE #0: Sat Nov 6 16:50:02 CET 2004
root at daemon.intranet:/usr/obj/usr/src/sys/GENERIC i386'.
--
More information about the freebsd-questions
mailing list