(RADIATOR) Re: Radiatior and PAM authentication for Kerberos 5

[Forbes Mike]

I think I fixed the problem (wan't running radiator as root).  I am
interested if this is how are other are
doing kerb.

Thanks,

Mike Forbes

On Fri, 31 Aug 2001, Forbes Mike wrote:

>
> I am using Radiatior on Redhat 7.1 with PAM authentication.  I have the
> radius.cfg as
> follows:
>
> <Realm DEFAULT>
>         <AuthBy PAM>
>         Service radiusd
>         </AuthBy>
>
>         # Log accounting to a detail file
>         AcctLogFileName %L/detail
> </Realm>
>
> <Client x.x.x.x>
>         Secret  mysecret
>         NasType Cisco
>         DupInterval 0
> </Client>
>
>
> more /etc/pam.d/radiusd
> auth     required       /lib/security/pam_krb5.so
>
> I get the following /var/messages
>
> Aug 31 21:10:54 radii perl: pam_krb5: authentication succeeds for forbeskm
>
> I get the following from radius logfile
>
> Fri Aug 31 21:10:54 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Aug 31 21:10:54 2001: DEBUG:  Deleting session for forbeskm,
> x.x.x.x, 3
> Fri Aug 31 21:10:54 2001: DEBUG: Handling with PAM service radiusd
> Fri Aug 31 21:10:54 2001: DEBUG: PAM is asking for 'Password'
> Fri Aug 31 21:10:54 2001: INFO: Access rejected for forbeskm:
> Authentication service cannot retrieve authentication info.:
> Fri Aug 31 21:10:54 2001: DEBUG: Packet dump:
>
>
> Why is this failing, is it my krb5.conf that may be misconfigured.  I did
> not have any luck with getting more debug info from putting debug = true
> in the [pam] section.
>
> Anybody else doing kerb5 authentication with the radiator??
>
> Thanks,
>
> Mike Forbes
>
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.