https://bugzilla.novell.com/show_bug.cgi?id=851835 https://bugzilla.novell.com/show_bug.cgi?id=851835#c0 Summary: Kerberos authentication not working after opensuse upgrade 12.3 to 13.1 Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: x86-64 OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: Upgrade Problems AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: omusson@epo.org QAContact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36 Before upgrade I could logon (kdm/xdm), ftp, telnet, ssh using Kerberos authentication. Now only the SSH authentication is working for all the others connection is refused. Turning debug on in kerberos client I get this error : pam_setcred(PAM_ESTABLISH_CRED) returning 14 (Cannot make/remove an entry for the specified session) Funny thing is I enter with local authentication and when I lock my screen I can use password from Kerberos to unlock it. So it looks like a session opening problem. Reproducible: Always Steps to Reproduce: 1.ftp connect from Windows XP machine to remote server (Opensuse 13.1) 2.enter user 3.enter password 4. 530 login incorrect. Actual Results: Connection refused Expected Results: Access granted 2013-11-22T13:24:07.936003+01:00 om03830s vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=om03830 rhost=10.3.203.140 user=om03830 2013-11-22T13:24:07.936360+01:00 om03830s vsftpd: pam_krb5[12362]: flag: debug 2013-11-22T13:24:07.936606+01:00 om03830s vsftpd: pam_krb5[12362]: flag: don't always_allow_localname 2013-11-22T13:24:07.936890+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no ignore_afs 2013-11-22T13:24:07.937146+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no null_afs 2013-11-22T13:24:07.937417+01:00 om03830s vsftpd: pam_krb5[12362]: flag: cred_session 2013-11-22T13:24:07.937737+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no ignore_k5login 2013-11-22T13:24:07.938013+01:00 om03830s vsftpd: pam_krb5[12362]: flag: user_check 2013-11-22T13:24:07.938366+01:00 om03830s vsftpd: pam_krb5[12362]: will try previously set password first 2013-11-22T13:24:07.938693+01:00 om03830s vsftpd: pam_krb5[12362]: will let libkrb5 ask questions 2013-11-22T13:24:07.938925+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no use_shmem 2013-11-22T13:24:07.939150+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no external 2013-11-22T13:24:07.939377+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no multiple_ccaches 2013-11-22T13:24:07.939602+01:00 om03830s vsftpd: pam_krb5[12362]: flag: validate 2013-11-22T13:24:07.939796+01:00 om03830s vsftpd: pam_krb5[12362]: flag: warn 2013-11-22T13:24:07.940070+01:00 om03830s vsftpd: pam_krb5[12362]: minimum uid: 1 2013-11-22T13:24:07.940285+01:00 om03830s vsftpd: pam_krb5[12362]: banner: Kerberos 5 2013-11-22T13:24:07.940573+01:00 om03830s vsftpd: pam_krb5[12362]: ccache dir: /tmp 2013-11-22T13:24:07.940789+01:00 om03830s vsftpd: pam_krb5[12362]: ccname template: DIR:/run/user/%U/krb5cc_XXXXXX 2013-11-22T13:24:07.940996+01:00 om03830s vsftpd: pam_krb5[12362]: keytab: FILE:/etc/krb5.keytab 2013-11-22T13:24:07.941203+01:00 om03830s vsftpd: pam_krb5[12362]: token strategy: 2b,rxk5 2013-11-22T13:24:07.941412+01:00 om03830s vsftpd: pam_krb5[12362]: pam_authenticate called for 'om03830', realm 'INTERNAL.EPO.ORG' 2013-11-22T13:24:07.941630+01:00 om03830s vsftpd: pam_krb5[12362]: authenticating 'om03830@INTERNAL.EPO.ORG' 2013-11-22T13:24:07.941859+01:00 om03830s vsftpd: pam_krb5[12362]: trying previously-entered password for 'om03830', allowing libkrb5 to prompt for more 2013-11-22T13:24:07.942079+01:00 om03830s vsftpd: pam_krb5[12362]: authenticating 'om03830@INTERNAL.EPO.ORG' to 'krbtgt/INTERNAL.EPO.ORG@INTERNAL.EPO.ORG' 2013-11-22T13:24:07.949122+01:00 om03830s vsftpd: pam_krb5[12362]: krb5_get_init_creds_password(krbtgt/INTERNAL.EPO.ORG@INTERNAL.EPO.ORG) returned 0 (Success) 2013-11-22T13:24:07.949562+01:00 om03830s vsftpd: pam_krb5[12362]: validating credentials 2013-11-22T13:24:07.949758+01:00 om03830s vsftpd: pam_krb5[12362]: error reading keytab 'FILE:/etc/krb5.keytab' 2013-11-22T13:24:07.949992+01:00 om03830s vsftpd: pam_krb5[12362]: TGT verified 2013-11-22T13:24:07.950203+01:00 om03830s vsftpd: pam_krb5[12362]: got result 0 (Success) 2013-11-22T13:24:07.950382+01:00 om03830s vsftpd: pam_krb5[12370]: no need to create "/tmp" 2013-11-22T13:24:07.951620+01:00 om03830s vsftpd: pam_krb5[12370]: error creating ccache using pattern "FILE:/tmp/krb5cc_1000_XXXXXX" 2013-11-22T13:24:07.951838+01:00 om03830s vsftpd: pam_krb5[12370]: error creating ccache for user "om03830" 2013-11-22T13:24:07.951990+01:00 om03830s vsftpd: pam_krb5[12370]: krb5_kuserok() says "true" for ("om03830@INTERNAL.EPO.ORG","om03830") 2013-11-22T13:24:07.952119+01:00 om03830s vsftpd: pam_krb5[12362]: 'om03830@INTERNAL.EPO.ORG' passes .k5login check for 'om03830' 2013-11-22T13:24:07.952336+01:00 om03830s vsftpd: pam_krb5[12362]: authentication succeeds for 'om03830' (om03830@INTERNAL.EPO.ORG) 2013-11-22T13:24:07.952544+01:00 om03830s vsftpd: pam_krb5[12362]: pam_authenticate returning 0 (Success) 2013-11-22T13:24:07.952757+01:00 om03830s vsftpd: pam_krb5[12362]: flag: debug 2013-11-22T13:24:07.952957+01:00 om03830s vsftpd: pam_krb5[12362]: flag: don't always_allow_localname 2013-11-22T13:24:07.953215+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no ignore_afs 2013-11-22T13:24:07.953445+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no null_afs 2013-11-22T13:24:07.953724+01:00 om03830s vsftpd: pam_krb5[12362]: flag: cred_session 2013-11-22T13:24:07.953944+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no ignore_k5login 2013-11-22T13:24:07.954142+01:00 om03830s vsftpd: pam_krb5[12362]: flag: user_check 2013-11-22T13:24:07.954339+01:00 om03830s vsftpd: pam_krb5[12362]: will try previously set password first 2013-11-22T13:24:07.954539+01:00 om03830s vsftpd: pam_krb5[12362]: will let libkrb5 ask questions 2013-11-22T13:24:07.954744+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no use_shmem 2013-11-22T13:24:07.954978+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no external 2013-11-22T13:24:07.955394+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no multiple_ccaches 2013-11-22T13:24:07.955583+01:00 om03830s vsftpd: pam_krb5[12362]: flag: validate 2013-11-22T13:24:07.955759+01:00 om03830s vsftpd: pam_krb5[12362]: flag: warn 2013-11-22T13:24:07.955932+01:00 om03830s vsftpd: pam_krb5[12362]: minimum uid: 1 2013-11-22T13:24:07.956104+01:00 om03830s vsftpd: pam_krb5[12362]: banner: Kerberos 5 2013-11-22T13:24:07.956274+01:00 om03830s vsftpd: pam_krb5[12362]: ccache dir: /tmp 2013-11-22T13:24:07.956475+01:00 om03830s vsftpd: pam_krb5[12362]: ccname template: DIR:/run/user/%U/krb5cc_XXXXXX 2013-11-22T13:24:07.956720+01:00 om03830s vsftpd: pam_krb5[12362]: keytab: FILE:/etc/krb5.keytab 2013-11-22T13:24:07.956894+01:00 om03830s vsftpd: pam_krb5[12362]: token strategy: 2b,rxk5 2013-11-22T13:24:07.957064+01:00 om03830s vsftpd: pam_krb5[12362]: pam_acct_mgmt called for 'om03830', realm 'INTERNAL.EPO.ORG' 2013-11-22T13:24:07.957234+01:00 om03830s vsftpd: pam_krb5[12362]: account management succeeds for 'om03830' 2013-11-22T13:24:07.957408+01:00 om03830s vsftpd: pam_krb5[12372]: no need to create "/tmp" 2013-11-22T13:24:07.957520+01:00 om03830s vsftpd: pam_krb5[12372]: error creating ccache using pattern "FILE:/tmp/krb5cc_1000_XXXXXX" 2013-11-22T13:24:07.957653+01:00 om03830s vsftpd: pam_krb5[12372]: error creating ccache for user "om03830" 2013-11-22T13:24:07.957801+01:00 om03830s vsftpd: pam_krb5[12372]: krb5_kuserok() says "true" for ("om03830@INTERNAL.EPO.ORG","om03830") 2013-11-22T13:24:07.957905+01:00 om03830s vsftpd: pam_krb5[12362]: 'om03830@INTERNAL.EPO.ORG' passes .k5login check for 'om03830' 2013-11-22T13:24:07.958106+01:00 om03830s vsftpd: pam_krb5[12362]: pam_acct_mgmt returning 0 (Success) 2013-11-22T13:24:07.958279+01:00 om03830s vsftpd: pam_krb5[12362]: flag: debug 2013-11-22T13:24:07.958453+01:00 om03830s vsftpd: pam_krb5[12362]: flag: don't always_allow_localname 2013-11-22T13:24:07.958631+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no ignore_afs 2013-11-22T13:24:07.958804+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no null_afs 2013-11-22T13:24:07.959012+01:00 om03830s vsftpd: pam_krb5[12362]: flag: cred_session 2013-11-22T13:24:07.959190+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no ignore_k5login 2013-11-22T13:24:07.959363+01:00 om03830s vsftpd: pam_krb5[12362]: flag: user_check 2013-11-22T13:24:07.959539+01:00 om03830s vsftpd: pam_krb5[12362]: will try previously set password first 2013-11-22T13:24:07.959722+01:00 om03830s vsftpd: pam_krb5[12362]: will let libkrb5 ask questions 2013-11-22T13:24:07.959894+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no use_shmem 2013-11-22T13:24:07.960068+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no external 2013-11-22T13:24:07.960241+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no multiple_ccaches 2013-11-22T13:24:07.960437+01:00 om03830s vsftpd: pam_krb5[12362]: flag: validate 2013-11-22T13:24:07.960629+01:00 om03830s vsftpd: pam_krb5[12362]: flag: warn 2013-11-22T13:24:07.960802+01:00 om03830s vsftpd: pam_krb5[12362]: minimum uid: 1 2013-11-22T13:24:07.960973+01:00 om03830s vsftpd: pam_krb5[12362]: banner: Kerberos 5 2013-11-22T13:24:07.961148+01:00 om03830s vsftpd: pam_krb5[12362]: ccache dir: /tmp 2013-11-22T13:24:07.961320+01:00 om03830s vsftpd: pam_krb5[12362]: ccname template: DIR:/run/user/%U/krb5cc_XXXXXX 2013-11-22T13:24:07.961491+01:00 om03830s vsftpd: pam_krb5[12362]: keytab: FILE:/etc/krb5.keytab 2013-11-22T13:24:07.961668+01:00 om03830s vsftpd: pam_krb5[12362]: token strategy: 2b,rxk5 2013-11-22T13:24:07.961857+01:00 om03830s vsftpd: pam_krb5[12362]: pam_setcred (establish credential) called 2013-11-22T13:24:07.962042+01:00 om03830s vsftpd: pam_krb5[12362]: flag: debug 2013-11-22T13:24:07.962214+01:00 om03830s vsftpd: pam_krb5[12362]: flag: don't always_allow_localname 2013-11-22T13:24:07.962385+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no ignore_afs 2013-11-22T13:24:07.962561+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no null_afs 2013-11-22T13:24:07.962733+01:00 om03830s vsftpd: pam_krb5[12362]: flag: cred_session 2013-11-22T13:24:07.962905+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no ignore_k5login 2013-11-22T13:24:07.963075+01:00 om03830s vsftpd: pam_krb5[12362]: flag: user_check 2013-11-22T13:24:07.963271+01:00 om03830s vsftpd: pam_krb5[12362]: will try previously set password first 2013-11-22T13:24:07.963457+01:00 om03830s vsftpd: pam_krb5[12362]: will let libkrb5 ask questions 2013-11-22T13:24:07.963634+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no use_shmem 2013-11-22T13:24:07.963807+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no external 2013-11-22T13:24:07.963990+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no multiple_ccaches 2013-11-22T13:24:07.964161+01:00 om03830s vsftpd: pam_krb5[12362]: flag: validate 2013-11-22T13:24:07.964346+01:00 om03830s vsftpd: pam_krb5[12362]: flag: warn 2013-11-22T13:24:07.964518+01:00 om03830s vsftpd: pam_krb5[12362]: minimum uid: 1 2013-11-22T13:24:07.964715+01:00 om03830s vsftpd: pam_krb5[12362]: banner: Kerberos 5 2013-11-22T13:24:07.964901+01:00 om03830s vsftpd: pam_krb5[12362]: ccache dir: /tmp 2013-11-22T13:24:07.965074+01:00 om03830s vsftpd: pam_krb5[12362]: ccname template: DIR:/run/user/%U/krb5cc_XXXXXX 2013-11-22T13:24:07.965245+01:00 om03830s vsftpd: pam_krb5[12362]: keytab: FILE:/etc/krb5.keytab 2013-11-22T13:24:07.965415+01:00 om03830s vsftpd: pam_krb5[12362]: token strategy: 2b,rxk5 2013-11-22T13:24:07.965594+01:00 om03830s vsftpd: pam_krb5[12362]: pam_open_session called for 'om03830', realm 'INTERNAL.EPO.ORG' 2013-11-22T13:24:07.965795+01:00 om03830s vsftpd: pam_krb5[12362]: creating ccache for 'om03830', uid=1000, gid=100 2013-11-22T13:24:07.965969+01:00 om03830s vsftpd: pam_krb5[12362]: no need to create "/run/user/1000" 2013-11-22T13:24:07.966163+01:00 om03830s vsftpd: pam_krb5[12362]: error creating ccache using pattern "DIR:/run/user/1000/krb5cc_XXXXXX" 2013-11-22T13:24:07.966348+01:00 om03830s vsftpd: pam_krb5[12362]: error creating ccache for user "om03830" 2013-11-22T13:24:07.966519+01:00 om03830s vsftpd: pam_krb5[12362]: pam_setcred(PAM_ESTABLISH_CRED) returning 14 (Cannot make/remove an entry for the specified session) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.