Package: libpam-modules
Version: 1.1.3-1
Severity: important
This is a sid system which is updated daily. It uses Kerberos and LDAP
for user authentication. Since today I cannot log in any more as an
ordinary user. When I do, I get the following messages in auth.log:
Jun 14 23:27:14 jupiter polkitd(authority=local): Registered Authentication
Agent for unix-session:/org/freedesktop/ConsoleKit/Session6 (system bus name
:1.78 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object
path /org/gnome/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Jun 14 23:27:23 jupiter krb5kdc[2350]: AS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.8.3: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected],
Additional pre-authentication required
Jun 14 23:27:23 jupiter krb5kdc[2350]: AS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.8.3: ISSUE: authtime 1308086843, etypes {rep=18 tkt=16 ses=16},
[email protected] for krbtgt/[email protected]
Jun 14 23:27:23 jupiter krb5kdc[2350]: TGS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.8.3: ISSUE: authtime 1308086843, etypes {rep=16 tkt=18 ses=18},
[email protected] for host/[email protected]
Jun 14 23:27:23 jupiter gdm-session-worker[6863]: pam_krb5(gdm3:auth): user
fkoop authenticated as [email protected]
Jun 14 23:27:23 jupiter gdm-session-worker[6863]: pam_unix(gdm3:account): could
not identify user (from getpwnam(fkoop))
This is the setting in pam.d/gdm3:
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
# auth required pam_succeed_if.so user != root quiet_success
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
session required pam_limits.so
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password
and the corresponding common-account file:
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
account required pam_krb5.so minimum_uid=1000
account sufficient pam_ldap.so
account sufficient pam_unix.so
account required pam_deny.so
#account sufficient pam_unix.so
Any more information that is necessary? Anything I could do to help debug
this problem?
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-modules depends on:
ii cdebconf [debconf-2.0] 0.155 Debian Configuration Management Sy
ii debconf [debconf-2.0] 1.5.39 Debian configuration management sy
ii libc6 2.13-7 Embedded GNU C Library: Shared lib
ii libdb5.1 5.1.25-10 Berkeley v5.1 Database Libraries [
ii libpam0g 1.1.3-1 Pluggable Authentication Modules l
ii libselinux1 2.0.98-1+b1 SELinux runtime shared libraries
libpam-modules recommends no packages.
libpam-modules suggests no packages.
-- debconf information excluded