Mailinglist Archive: opensuse-bugs (5295 mails)

< Previous Next >
[Bug 851835] New: Kerberos authentication not working after opensuse upgrade 12.3 to 13.1
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 22 Nov 2013 12:33:02 +0000
  • Message-id: <bug-851835-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=851835

https://bugzilla.novell.com/show_bug.cgi?id=851835#c0


Summary: Kerberos authentication not working after opensuse
upgrade 12.3 to 13.1
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Upgrade Problems
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: omusson@xxxxxxx
QAContact: jsrain@xxxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/31.0.1650.57 Safari/537.36

Before upgrade I could logon (kdm/xdm), ftp, telnet, ssh using Kerberos
authentication. Now only the SSH authentication is working for all the others
connection is refused.

Turning debug on in kerberos client I get this error :
pam_setcred(PAM_ESTABLISH_CRED) returning 14 (Cannot make/remove an entry for
the specified session)

Funny thing is I enter with local authentication and when I lock my screen I
can use password from Kerberos to unlock it.

So it looks like a session opening problem.

Reproducible: Always

Steps to Reproduce:
1.ftp connect from Windows XP machine to remote server (Opensuse 13.1)
2.enter user
3.enter password
4. 530 login incorrect.
Actual Results:
Connection refused

Expected Results:
Access granted

2013-11-22T13:24:07.936003+01:00 om03830s vsftpd: pam_unix(vsftpd:auth):
authentication failure; logname= uid=0 euid=0 tty=ftp ruser=om03830
rhost=10.3.203.140 user=om03830
2013-11-22T13:24:07.936360+01:00 om03830s vsftpd: pam_krb5[12362]: flag: debug
2013-11-22T13:24:07.936606+01:00 om03830s vsftpd: pam_krb5[12362]: flag: don't
always_allow_localname
2013-11-22T13:24:07.936890+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
ignore_afs
2013-11-22T13:24:07.937146+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
null_afs
2013-11-22T13:24:07.937417+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
cred_session
2013-11-22T13:24:07.937737+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
ignore_k5login
2013-11-22T13:24:07.938013+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
user_check
2013-11-22T13:24:07.938366+01:00 om03830s vsftpd: pam_krb5[12362]: will try
previously set password first
2013-11-22T13:24:07.938693+01:00 om03830s vsftpd: pam_krb5[12362]: will let
libkrb5 ask questions
2013-11-22T13:24:07.938925+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
use_shmem
2013-11-22T13:24:07.939150+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
external
2013-11-22T13:24:07.939377+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
multiple_ccaches
2013-11-22T13:24:07.939602+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
validate
2013-11-22T13:24:07.939796+01:00 om03830s vsftpd: pam_krb5[12362]: flag: warn
2013-11-22T13:24:07.940070+01:00 om03830s vsftpd: pam_krb5[12362]: minimum uid:
1
2013-11-22T13:24:07.940285+01:00 om03830s vsftpd: pam_krb5[12362]: banner:
Kerberos 5
2013-11-22T13:24:07.940573+01:00 om03830s vsftpd: pam_krb5[12362]: ccache dir:
/tmp
2013-11-22T13:24:07.940789+01:00 om03830s vsftpd: pam_krb5[12362]: ccname
template: DIR:/run/user/%U/krb5cc_XXXXXX
2013-11-22T13:24:07.940996+01:00 om03830s vsftpd: pam_krb5[12362]: keytab:
FILE:/etc/krb5.keytab
2013-11-22T13:24:07.941203+01:00 om03830s vsftpd: pam_krb5[12362]: token
strategy: 2b,rxk5
2013-11-22T13:24:07.941412+01:00 om03830s vsftpd: pam_krb5[12362]:
pam_authenticate called for 'om03830', realm 'INTERNAL.EPO.ORG'
2013-11-22T13:24:07.941630+01:00 om03830s vsftpd: pam_krb5[12362]:
authenticating 'om03830@xxxxxxxxxxxxxxxx'
2013-11-22T13:24:07.941859+01:00 om03830s vsftpd: pam_krb5[12362]: trying
previously-entered password for 'om03830', allowing libkrb5 to prompt for more
2013-11-22T13:24:07.942079+01:00 om03830s vsftpd: pam_krb5[12362]:
authenticating 'om03830@xxxxxxxxxxxxxxxx' to
'krbtgt/INTERNAL.EPO.ORG@xxxxxxxxxxxxxxxx'
2013-11-22T13:24:07.949122+01:00 om03830s vsftpd: pam_krb5[12362]:
krb5_get_init_creds_password(krbtgt/INTERNAL.EPO.ORG@xxxxxxxxxxxxxxxx) returned
0 (Success)
2013-11-22T13:24:07.949562+01:00 om03830s vsftpd: pam_krb5[12362]: validating
credentials
2013-11-22T13:24:07.949758+01:00 om03830s vsftpd: pam_krb5[12362]: error
reading keytab 'FILE:/etc/krb5.keytab'
2013-11-22T13:24:07.949992+01:00 om03830s vsftpd: pam_krb5[12362]: TGT verified
2013-11-22T13:24:07.950203+01:00 om03830s vsftpd: pam_krb5[12362]: got result 0
(Success)
2013-11-22T13:24:07.950382+01:00 om03830s vsftpd: pam_krb5[12370]: no need to
create "/tmp"
2013-11-22T13:24:07.951620+01:00 om03830s vsftpd: pam_krb5[12370]: error
creating ccache using pattern "FILE:/tmp/krb5cc_1000_XXXXXX"
2013-11-22T13:24:07.951838+01:00 om03830s vsftpd: pam_krb5[12370]: error
creating ccache for user "om03830"
2013-11-22T13:24:07.951990+01:00 om03830s vsftpd: pam_krb5[12370]:
krb5_kuserok() says "true" for ("om03830@xxxxxxxxxxxxxxxx","om03830")
2013-11-22T13:24:07.952119+01:00 om03830s vsftpd: pam_krb5[12362]:
'om03830@xxxxxxxxxxxxxxxx' passes .k5login check for 'om03830'
2013-11-22T13:24:07.952336+01:00 om03830s vsftpd: pam_krb5[12362]:
authentication succeeds for 'om03830' (om03830@xxxxxxxxxxxxxxxx)
2013-11-22T13:24:07.952544+01:00 om03830s vsftpd: pam_krb5[12362]:
pam_authenticate returning 0 (Success)
2013-11-22T13:24:07.952757+01:00 om03830s vsftpd: pam_krb5[12362]: flag: debug
2013-11-22T13:24:07.952957+01:00 om03830s vsftpd: pam_krb5[12362]: flag: don't
always_allow_localname
2013-11-22T13:24:07.953215+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
ignore_afs
2013-11-22T13:24:07.953445+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
null_afs
2013-11-22T13:24:07.953724+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
cred_session
2013-11-22T13:24:07.953944+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
ignore_k5login
2013-11-22T13:24:07.954142+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
user_check
2013-11-22T13:24:07.954339+01:00 om03830s vsftpd: pam_krb5[12362]: will try
previously set password first
2013-11-22T13:24:07.954539+01:00 om03830s vsftpd: pam_krb5[12362]: will let
libkrb5 ask questions
2013-11-22T13:24:07.954744+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
use_shmem
2013-11-22T13:24:07.954978+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
external
2013-11-22T13:24:07.955394+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
multiple_ccaches
2013-11-22T13:24:07.955583+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
validate
2013-11-22T13:24:07.955759+01:00 om03830s vsftpd: pam_krb5[12362]: flag: warn
2013-11-22T13:24:07.955932+01:00 om03830s vsftpd: pam_krb5[12362]: minimum uid:
1
2013-11-22T13:24:07.956104+01:00 om03830s vsftpd: pam_krb5[12362]: banner:
Kerberos 5
2013-11-22T13:24:07.956274+01:00 om03830s vsftpd: pam_krb5[12362]: ccache dir:
/tmp
2013-11-22T13:24:07.956475+01:00 om03830s vsftpd: pam_krb5[12362]: ccname
template: DIR:/run/user/%U/krb5cc_XXXXXX
2013-11-22T13:24:07.956720+01:00 om03830s vsftpd: pam_krb5[12362]: keytab:
FILE:/etc/krb5.keytab
2013-11-22T13:24:07.956894+01:00 om03830s vsftpd: pam_krb5[12362]: token
strategy: 2b,rxk5
2013-11-22T13:24:07.957064+01:00 om03830s vsftpd: pam_krb5[12362]:
pam_acct_mgmt called for 'om03830', realm 'INTERNAL.EPO.ORG'
2013-11-22T13:24:07.957234+01:00 om03830s vsftpd: pam_krb5[12362]: account
management succeeds for 'om03830'
2013-11-22T13:24:07.957408+01:00 om03830s vsftpd: pam_krb5[12372]: no need to
create "/tmp"
2013-11-22T13:24:07.957520+01:00 om03830s vsftpd: pam_krb5[12372]: error
creating ccache using pattern "FILE:/tmp/krb5cc_1000_XXXXXX"
2013-11-22T13:24:07.957653+01:00 om03830s vsftpd: pam_krb5[12372]: error
creating ccache for user "om03830"
2013-11-22T13:24:07.957801+01:00 om03830s vsftpd: pam_krb5[12372]:
krb5_kuserok() says "true" for ("om03830@xxxxxxxxxxxxxxxx","om03830")
2013-11-22T13:24:07.957905+01:00 om03830s vsftpd: pam_krb5[12362]:
'om03830@xxxxxxxxxxxxxxxx' passes .k5login check for 'om03830'
2013-11-22T13:24:07.958106+01:00 om03830s vsftpd: pam_krb5[12362]:
pam_acct_mgmt returning 0 (Success)
2013-11-22T13:24:07.958279+01:00 om03830s vsftpd: pam_krb5[12362]: flag: debug
2013-11-22T13:24:07.958453+01:00 om03830s vsftpd: pam_krb5[12362]: flag: don't
always_allow_localname
2013-11-22T13:24:07.958631+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
ignore_afs
2013-11-22T13:24:07.958804+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
null_afs
2013-11-22T13:24:07.959012+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
cred_session
2013-11-22T13:24:07.959190+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
ignore_k5login
2013-11-22T13:24:07.959363+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
user_check
2013-11-22T13:24:07.959539+01:00 om03830s vsftpd: pam_krb5[12362]: will try
previously set password first
2013-11-22T13:24:07.959722+01:00 om03830s vsftpd: pam_krb5[12362]: will let
libkrb5 ask questions
2013-11-22T13:24:07.959894+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
use_shmem
2013-11-22T13:24:07.960068+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
external
2013-11-22T13:24:07.960241+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
multiple_ccaches
2013-11-22T13:24:07.960437+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
validate
2013-11-22T13:24:07.960629+01:00 om03830s vsftpd: pam_krb5[12362]: flag: warn
2013-11-22T13:24:07.960802+01:00 om03830s vsftpd: pam_krb5[12362]: minimum uid:
1
2013-11-22T13:24:07.960973+01:00 om03830s vsftpd: pam_krb5[12362]: banner:
Kerberos 5
2013-11-22T13:24:07.961148+01:00 om03830s vsftpd: pam_krb5[12362]: ccache dir:
/tmp
2013-11-22T13:24:07.961320+01:00 om03830s vsftpd: pam_krb5[12362]: ccname
template: DIR:/run/user/%U/krb5cc_XXXXXX
2013-11-22T13:24:07.961491+01:00 om03830s vsftpd: pam_krb5[12362]: keytab:
FILE:/etc/krb5.keytab
2013-11-22T13:24:07.961668+01:00 om03830s vsftpd: pam_krb5[12362]: token
strategy: 2b,rxk5
2013-11-22T13:24:07.961857+01:00 om03830s vsftpd: pam_krb5[12362]: pam_setcred
(establish credential) called
2013-11-22T13:24:07.962042+01:00 om03830s vsftpd: pam_krb5[12362]: flag: debug
2013-11-22T13:24:07.962214+01:00 om03830s vsftpd: pam_krb5[12362]: flag: don't
always_allow_localname
2013-11-22T13:24:07.962385+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
ignore_afs
2013-11-22T13:24:07.962561+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
null_afs
2013-11-22T13:24:07.962733+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
cred_session
2013-11-22T13:24:07.962905+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
ignore_k5login
2013-11-22T13:24:07.963075+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
user_check
2013-11-22T13:24:07.963271+01:00 om03830s vsftpd: pam_krb5[12362]: will try
previously set password first
2013-11-22T13:24:07.963457+01:00 om03830s vsftpd: pam_krb5[12362]: will let
libkrb5 ask questions
2013-11-22T13:24:07.963634+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
use_shmem
2013-11-22T13:24:07.963807+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
external
2013-11-22T13:24:07.963990+01:00 om03830s vsftpd: pam_krb5[12362]: flag: no
multiple_ccaches
2013-11-22T13:24:07.964161+01:00 om03830s vsftpd: pam_krb5[12362]: flag:
validate
2013-11-22T13:24:07.964346+01:00 om03830s vsftpd: pam_krb5[12362]: flag: warn
2013-11-22T13:24:07.964518+01:00 om03830s vsftpd: pam_krb5[12362]: minimum uid:
1
2013-11-22T13:24:07.964715+01:00 om03830s vsftpd: pam_krb5[12362]: banner:
Kerberos 5
2013-11-22T13:24:07.964901+01:00 om03830s vsftpd: pam_krb5[12362]: ccache dir:
/tmp
2013-11-22T13:24:07.965074+01:00 om03830s vsftpd: pam_krb5[12362]: ccname
template: DIR:/run/user/%U/krb5cc_XXXXXX
2013-11-22T13:24:07.965245+01:00 om03830s vsftpd: pam_krb5[12362]: keytab:
FILE:/etc/krb5.keytab
2013-11-22T13:24:07.965415+01:00 om03830s vsftpd: pam_krb5[12362]: token
strategy: 2b,rxk5
2013-11-22T13:24:07.965594+01:00 om03830s vsftpd: pam_krb5[12362]:
pam_open_session called for 'om03830', realm 'INTERNAL.EPO.ORG'
2013-11-22T13:24:07.965795+01:00 om03830s vsftpd: pam_krb5[12362]: creating
ccache for 'om03830', uid=1000, gid=100
2013-11-22T13:24:07.965969+01:00 om03830s vsftpd: pam_krb5[12362]: no need to
create "/run/user/1000"
2013-11-22T13:24:07.966163+01:00 om03830s vsftpd: pam_krb5[12362]: error
creating ccache using pattern "DIR:/run/user/1000/krb5cc_XXXXXX"
2013-11-22T13:24:07.966348+01:00 om03830s vsftpd: pam_krb5[12362]: error
creating ccache for user "om03830"
2013-11-22T13:24:07.966519+01:00 om03830s vsftpd: pam_krb5[12362]:
pam_setcred(PAM_ESTABLISH_CRED) returning 14 (Cannot make/remove an entry for
the specified session)

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >