[OpenAFS] Updates to pam_krb5 not allowing ssh as root

Karen Eldredge karen.eldredge@infoprint.com
Thu, 3 Sep 2009 13:47:48 -0600 

We recently just updated the pam-krb5 supplied by Russ Allbery from 3.10 to
3.15 and since the update we are not able to ssh as root.  Has anyone seen this
behavior  before?  Here are the contents of /var/log/messages.  It should be
ignoring root, but from this log it seems to be failing at pam_sm_authenticate
& pam_setcred .  Any help would be appreciated.

Sep  1 09:53:43 sprftp sshd[22646]: Received signal 15; terminating.
Sep  1 09:53:44 sprftp sshd[29201]: Server listening on 0.0.0.0 port 22.
Sep  1 09:53:51 sprftp sshd[29209]: (pam_krb5): none: pam_sm_authenticate:
entry (0x1)
Sep  1 09:53:51 sprftp sshd[29209]: (pam_krb5): root: ignoring root user
Sep  1 09:53:51 sprftp sshd[29209]: (pam_krb5): root: pam_sm_authenticate: exit
(failure)
Sep  1 09:53:51 sprftp sshd[29209]: pam_unix2(sshd:auth): pam_sm_authenticate()
called
Sep  1 09:53:51 sprftp sshd[29209]: pam_unix2(sshd:auth): username=[root]
Sep  1 09:53:51 sprftp sshd[29205]: Postponed keyboard-interactive for root
from 172.27.18.45 port 37093 ssh2
Sep  1 09:53:55 sprftp sshd[29209]: pam_unix2(sshd:auth): pam_sm_authenticate:
PAM_SUCCESS
Sep  1 09:53:55 sprftp sshd[29209]: (pam_krb5): none: pam_sm_acct_mgmt: entry
(0x0)
Sep  1 09:53:55 sprftp sshd[29209]: (pam_krb5): none: skipping non-Kerberos
login
Sep  1 09:53:55 sprftp sshd[29209]: (pam_krb5): none: pam_sm_acct_mgmt: exit
(ignore)
Sep  1 09:53:55 sprftp sshd[29205]: Postponed keyboard-interactive/pam for root
from 172.27.18.45 port 37093 ssh2
Sep  1 09:53:55 sprftp sshd[29205]: Accepted keyboard-interactive/pam for root
from 172.27.18.45 port 37093 ssh2
Sep  1 09:53:55 sprftp sshd[29205]: (pam_krb5): none: pam_sm_setcred: entry
(0x2)
Sep  1 09:53:55 sprftp sshd[29205]: (pam_krb5): none: no context found,
creating one
Sep  1 09:53:55 sprftp sshd[29205]: (pam_krb5): none: ignoring root user
Sep  1 09:53:55 sprftp sshd[29205]: (pam_krb5): none: pam_sm_setcred: exit
(ignore)
Sep  1 09:53:55 sprftp sshd[29205]: pam_unix2(sshd:setcred): pam_sm_setcred()
called
Sep  1 09:53:55 sprftp sshd[29205]: pam_unix2(sshd:setcred): username=[root]
Sep  1 09:53:55 sprftp sshd[29205]: pam_unix2(sshd:setcred): pam_sm_setcred:
PAM_SUCCESS
Sep  1 09:53:55 sprftp sshd[29205]: fatal: PAM: pam_setcred(): The return value
should be ignored by PAM dispatch
Sep  1 09:54:20 sprftp sshd[29201]: Received signal 15; terminating.
Sep  1 09:54:20 sprftp sshd[29268]: Server listening on 0.0.0.0 port 22.


_____________________________________________________________________________
"This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you." _____________________________________________________________________________