So I tried this work around, creating a sym link: ln -s /usr/lib64/libkadm5clnt_mit.so.12.0 /usr/lib64/security/pam_krb5_migrate.so.1
from ssh -vv -K debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information No Kerberos credentials available (default cache: KEYRING:persistent:6105) >From the ssh logs after restarting sshd: sshd: PAM unable to resolve symbol: pam_sm_authenticate sshd: PAM unable to resolve symbol: pam_sm_setcred Any other suggestions on getting this working? On Fri, Oct 23, 2020 at 11:56 AM Robert Kudyba <rkud...@fordham.edu> wrote: > > On Fri, Oct 23, 2020 at 10:48 AM Robbie Harwood <rharw...@redhat.com> wrote: > > Robert Kudyba <rkud...@fordham.edu> writes: > > > > > /usr/lib64/security/pam_krb5_migrate.so.1. Got the following errors: > > > /usr/lib64/security/pam_krb5_migrate.so.1): libkadm5clnt_mit.so.11: > > > cannot open shared object file: No such file or directory > > > > In Fedora, libkad5clnt_mit.so is provided by libkadm5. However, there > > has been a soname bump (to 12). > > OK I see: > /usr/lib64/libkadm5clnt.so > /usr/lib64/libkadm5clnt_mit.so > /usr/lib64/libkadm5clnt_mit.so.12 > /usr/lib64/libkadm5clnt_mit.so.12.0 > > > Please be aware that neither I (Fedora maintainer) do not support > > external programs using the libkadm5 interfaces, and upstream krb5 does > > not provide stability guarantees for it. > > Sure, I understand. Just testing it at the moment. > > So can I use libkadm5clnt_mit.so.12.0 and reference that in the PAM > auth stack, wherever I had pam_krb5_migrate? Oracle has a migration > guide at > https://docs.oracle.com/cd/E23824_01/html/821-1456/setup-148.html#faavx > that I'm trying to follow. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
