Immediate logout after login with PAM, Kerberos, and LDAP
- by Dylan Klomparens
I've set up remote login on a computer using Kerberos and LDAP. I've also configured NFS to mount onto /home so that the user's home directory is the same wherever they log in.
Kerberos authentication seems to work fine. I can get a ticket using kinit user1 (assuming user1 is a remote user) and see the ticket with klist.
I'm pretty sure LDAP is working because I see the proper output from getent passwd, which lists all the remote users.
The contents of /home are present when I list the files.
The problem is: when I try to log in as a remote user, the session is immediately ended. Why is it not letting me stay logged in? Here is the output from /var/log/messages after a login attempt:
# /var/log/messages:
Oct 9 10:57:53 tophat login[6472]: pam_krb5[6472]: authentication succeeds for 'user1' ([email protected])
Oct 9 10:57:53 tophat login[6472]: pam_krb5[6472]: pam_setcred (establish credential) called
Oct 9 10:57:53 tophat login[6472]: pam_krb5[6472]: pam_setcred (delete credential) called
EDIT:
The distro is openSUSE. Here are the common-* files in /etc/pam.d:
# /etc/pam.d/common-account
account required pam_unix.so
# /etc/pam.d/common-auth
auth sufficient pam_krb5.so minimum_uid=1000
auth required pam_unix.so nullok_secure try_first_pass
# /etc/pam.d/common-session
session optional pam_umask.so umask=002
session sufficient pam_krb5.so minimum_uid=1000
session required pam_unix.so
There doesn't appear to be a /var/log/auth.log file nor a /var/log/secure file.