Thanks for the idea. I will see how I can go about that. I just downloaded Solaris 11 Express and duplicated the error. Auth works, but same message at every login.
On Sun, Nov 14, 2010 at 4:57 AM, Chris Ridd <chrisr...@mac.com> wrote: > > On 14 Nov 2010, at 00:15, Patrick O'Sullivan wrote: > >> Hello all, >> >> I successfully have gotten authentication to an AD Kerberos server >> working along with uid/gid resolution from AD LDAP. However, I am >> getting a strange PAM error and the only reference I can find for it >> is in the OpenSolaris PAM source code. >> >> r...@oitest1:~# uname -a >> SunOS oitest1 5.11 oi_147 i86pc i386 i86pc Solaris >> >> Now, logging in from another machine: >> >> $ ssh user...@oitest1 >> Password: >> Your Kerberos account/password will expire in 9801 days. >> >> >> Last login: Sat Nov 13 13:42:30 2010 from 10.128.6.55 >> OpenIndiana SunOS 5.11 oi_147 September 2010 >> -bash-4.0$ id >> uid=20002(userfoo) gid=30000(staff) >> -bash-4.0$ getent passwd userfoo >> userfoo:x:20002:30000:User Foo:/home/userfoo:/bin/bash >> >> Now, the weird part. At the time of logging in, I get the following log >> entry: >> >> Nov 13 13:45:25 oitest1 sshd[3925]: [ID 414352 auth.error] >> /etc/pam.conf no initial module present >> Nov 13 13:47:09 oitest1 last message repeated 3 times >> Nov 13 13:47:11 oitest1 sshd[3945]: [ID 414352 auth.error] >> /etc/pam.conf no initial module present >> >> Here's my /etc/pam.conf: >> >> r...@oitest1:~# egrep -v "^\#" /etc/pam.conf >> login auth requisite pam_authtok_get.so.1 >> login auth required pam_dhkeys.so.1 >> login auth required pam_unix_cred.so.1 >> login auth sufficient pam_krb5.so.1 >> login auth required pam_unix_auth.so.1 >> login auth required pam_dial_auth.so.1 >> other auth requisite pam_authtok_get.so.1 >> other auth required pam_dhkeys.so.1 >> other auth required pam_unix_cred.so.1 >> other auth sufficient pam_krb5.so.1 >> other auth required pam_unix_auth.so.1 >> other account requisite pam_roles.so.1 >> other account required pam_unix_account.so.1 >> other account required pam_krb5.so.1 >> other password required pam_dhkeys.so.1 >> other password requisite pam_authtok_get.so.1 >> other password requisite pam_authtok_check.so.1 >> other password sufficient pam_krb5.so.1 >> other password required pam_authtok_store.so.1 >> >> P.S. I also get this when logging in directly from console, except the >> error is associated with login instead of sshd. >> >> Anyone have any thoughts? Thanks in advance. > > No real ideas - pam's a bit of a mystery to me - but could you get dtrace to > help? Get a stack trace on the failing call to run_stack (which is what > outputs that error) and maybe that gives an idea of which part of pam.conf is > wrong. > > Cheers, > > Chris > > _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
