(RADIATOR) Testing help with new Kerberos5 Auth Module.
Steve Harper
S.harper at m.cc.utah.edu
Fri Mar 26 19:53:36 CST 2004
Hello, I work for the University of Utah where we have a site license for
Radiator. I've written a Kerberos 5 Authentication module for Radiator
(AuthKRB5.pm) because of Authen::PAM's segfaulting on Solaris 2.8 and up.
Its based on AuthTEST.pm and AuthPAM.pm, and uses the CPAN Perl module
Authen::KRB5 V1.3 which requires MIT kerberos.
I'm running this on Solaris 2.9, with Perl 5.8.1, MIT Kerberos 1.2.7, and
Radiator 3.9.
It works fine with the radpwtst utility shipped with Radiator, but when I
try to use it with our 802.1x clients / access point it fails with:
Access rejected for testuser: Kinit failed: No such device or address
The corresponding point of failure looking at things with truss seems to
be where the * is. It opens a socket, requests the TGT for the users,
polls, and then recieves it. ENXIO maps to "No such device or address".
It then opens and unlinks the credential cache.
so_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP, "", 1) = 6
connect(6, 0x004D1460, 16, 1) = 0
send(6, 0x006D6E00, 184, 0) = 184
j81B5 081B2A103020105A2030201\nA481A5 081A2A0070305\0\0\0\0\0A1
<snip>
poll(0xFFBFF408, 1, 1000) = 1
recv(6, 0x00BBA980, 4096, 0) = 525
k8202\t 0820205A003020105A1030201\vA3\n1B\b U T A H . E D UA415
<snip>
close(6) = 0
*ioctl(0, TCGETS, 0xFFBFF520) Err#6 ENXIO
open("/tmp/krb5cc_0", O_RDWR) = 6
unlink("/tmp/krb5cc_0") = 0
I was curious if anyone had any idea why I might be getting such an error
or would be willing to test the code in their environment and let me know
their results. Any code improvements or suggestions would likewise be
greatly appreciated.
You can download the code from
http://dev.scl.utah.edu/AuthKRB5.pm
Thanks in advance for any help,
Steve Harper Campus Student Computing
Sys Admin Marriott Library
s.harper at utah.edu University of Utah
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list