<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello all,<br>
<br>
I'm currently migrating to Kerberos authentication. Authentication
works well<br>
using ssh, but does not work for lightdm. I have left things unchanged
within /etc/pam.d <br>
for lightdm. The relevant material follows (/etc/pam.d/system-auth,
/etc/pam.d/lightdm,<br>
login traces ...)<br>
<br>
<b><tt>more system-auth</tt></b><tt><br>
</tt><tt>#%PAM-1.0</tt><tt><br>
</tt><tt># This file is auto-generated.</tt><tt><br>
</tt><tt># User changes will be destroyed the next time authconfig
is run.</tt><tt><br>
</tt><tt>auth required pam_env.so</tt><tt><br>
</tt><tt>auth sufficient pam_fprintd.so</tt><tt><br>
</tt><tt>auth sufficient pam_unix.so nullok try_first_pass</tt><tt><br>
</tt><tt>auth requisite pam_succeed_if.so uid &gt;= 100
quiet_success</tt><tt><br>
</tt><tt>auth required pam_deny.so</tt><tt><br>
</tt><tt><br>
</tt><tt>account required pam_unix.so</tt><tt><br>
</tt><tt>account sufficient pam_localuser.so</tt><tt><br>
</tt><tt>account sufficient pam_succeed_if.so uid &lt; 100
quiet</tt><tt><br>
</tt><tt>account sufficient [default=bad success=ok
user_unknown=ignore] <b>pam_krb5.so</b></tt><tt><br>
</tt><tt>account required pam_permit.so</tt><tt><br>
</tt><tt><br>
</tt><tt>password requisite pam_pwquality.so try_first_pass
local_users_only retry=3 authtok_type=</tt><tt><br>
</tt><tt>password sufficient pam_unix.so sha512 shadow nullok
try_first_pass use_authtok</tt><tt><br>
</tt><tt>password required pam_deny.so</tt><tt><br>
</tt><tt><br>
</tt><tt>session optional pam_keyinit.so revoke</tt><tt><br>
</tt><tt>session required pam_limits.so</tt><tt><br>
</tt><tt>session optional pam_systemd.so</tt><tt><br>
</tt><tt>session [success=1 default=ignore] pam_succeed_if.so
service in crond quiet use_uid</tt><tt><br>
</tt><tt>session required pam_unix.so</tt><tt><br>
</tt><tt>session optional <b>pam_krb5.so</b></tt><br>
<br>
<b><tt>more lightdm</tt></b><tt><br>
</tt><tt>#%PAM-1.0</tt><tt><br>
</tt><tt>auth [success=done ignore=ignore default=bad]
pam_selinux_permit.so</tt><tt><br>
</tt><tt>auth required pam_env.so</tt><tt><br>
</tt><tt>auth include <b>system-auth</b></tt><tt><br>
</tt><tt>-auth optional pam_gnome_keyring.so</tt><tt><br>
</tt><tt>-auth optional pam_kwallet5.so</tt><tt><br>
</tt><tt>-auth optional pam_kwallet.so</tt><tt><br>
</tt><tt>auth include postlogin</tt><tt><br>
</tt><tt>account required pam_nologin.so</tt><tt><br>
</tt><tt>account include system-auth</tt><tt><br>
</tt><tt>password include system-auth</tt><tt><br>
</tt><tt>session required pam_selinux.so close</tt><tt><br>
</tt><tt>session required pam_loginuid.so</tt><tt><br>
</tt><tt>session optional pam_console.so</tt><tt><br>
</tt><tt>-session optional pam_ck_connector.so</tt><tt><br>
</tt><tt>session required pam_selinux.so open</tt><tt><br>
</tt><tt>session optional pam_keyinit.so force revoke</tt><tt><br>
</tt><tt>session required pam_namespace.so</tt><tt><br>
</tt><tt>-session optional pam_gnome_keyring.so auto_start</tt><tt><br>
</tt><tt>-session optional pam_kwallet5.so</tt><tt><br>
</tt><tt>-session optional pam_kwallet.so</tt><tt><br>
</tt><tt>session include system-auth</tt><tt><br>
</tt><tt>session optional pam_lastlog.so silent</tt><tt><br>
</tt><tt>session include postlogin</tt><tt><br>
</tt><br>
systemctl start lightdm.service<br>
<br>
<tt>Dec 2 09:51:08 localhost systemd: Starting Light Display
Manager...</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost systemd: Started Light Display
Manager.</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost audit: &lt;audit-1130&gt; pid=1
uid=0 auid=4294967295 ses=4294967295 msg='unit=lightdm
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost audit: &lt;audit-1103&gt;
pid=2735 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred
grantors=pam_env,pam_env,pam_fprintd acct="lightdm"
exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0 res=success'</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost systemd: Created slice
user-987.slice.</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost systemd: Starting user-987.slice.</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost systemd: Starting User Manager
for UID 987...</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost systemd-logind: New session 17 of
user lightdm.</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost systemd: Started Session 17 of
user lightdm.</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost systemd: Starting Session 17 of
user lightdm.</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost audit: &lt;audit-1101&gt;
pid=2740 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:accounting grantors=pam_unix,pam_localuser
acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'</tt><tt><br>
</tt><tt>Dec 2 09:51:08 localhost audit: &lt;audit-1105&gt;
pid=2740 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:session_open <b>grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_krb5</b>
acct="lightdm" exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Reached target Paths.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Starting Paths.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Reached target Sockets.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Starting Sockets.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Reached target Timers.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Starting Timers.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Reached target Basic
System.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Starting Basic System.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Reached target Default.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Startup finished in
13ms.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Started User Manager for
UID 987.</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost audit: &lt;audit-1130&gt; pid=1
uid=0 auid=4294967295 ses=4294967295 msg='unit=user@987
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost audit: &lt;audit-1105&gt;
pid=2735 uid=0 auid=987 ses=17 msg='op=PAM:session_open
grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_gnome_keyring,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_krb5,pam_lastlog,pam_lastlog
acct="lightdm" exe="/usr/sbin/lightdm" hostname=? addr=?
terminal=:0 res=success'</tt><tt><br>
</tt><tt>Dec 2 09:51:09 localhost systemd: Starting Default.</tt><tt><br>
<br>
<b>login trace</b> <br>
</tt><tt><br>
</tt><tt>Dec 2 09:53:18 localhost xinetd[527]: START: x11vnc
pid=2762 from=148.60.14.17</tt><tt><br>
</tt><tt>Dec 2 09:53:32 localhost dbus[474]: [system] Activating
via systemd: service name='net.reactivated.Fprint'
unit='fprintd.service'</tt><tt><br>
</tt><tt>Dec 2 09:53:32 localhost systemd: Starting Fingerprint
Authentication Daemon...</tt><tt><br>
</tt><tt>Dec 2 09:53:32 localhost dbus[474]: [system] Successfully
activated service 'net.reactivated.Fprint'</tt><tt><br>
</tt><tt>Dec 2 09:53:32 localhost systemd: Started Fingerprint
Authentication Daemon.</tt><tt><br>
</tt><tt>Dec 2 09:53:32 localhost audit: &lt;audit-1130&gt; pid=1
uid=0 auid=4294967295 ses=4294967295 msg='unit=fprintd
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'</tt><tt><br>
</tt><tt>Dec 2 09:53:36 localhost audit: &lt;audit-1100&gt;
pid=2763 uid=0 auid=4294967295 ses=4294967295 msg='<b>op=PAM:authentication
grantors=?</b> acct="dagorn" exe="/usr/sbin/lightdm" hostname=?
addr=? terminal=:0 res=failed'</tt><br>
<br>
Any help would be appreciated.<br>
Cheers.<br>
<pre class="moz-signature" cols="160">--
François
Université de Rennes 1
</pre>
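<p>The <tt>system-auth</tt> listing above carries <tt>pam_krb5.so</tt> in its account and session stacks but in no <tt>auth</tt> line. As an added example (not part of the original message), this resolves a service's <tt>include</tt> chain and reports which management groups contain a given module; the stacks are abridged copies of the posted files, and the function names are illustrative.</p>

```python
import re

# Constructed sample: abridged from the two listings posted above.
STACKS = {
    "system-auth": """\
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 100 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient [default=bad success=ok user_unknown=ignore] pam_krb5.so
session required pam_unix.so
session optional pam_krb5.so
""",
    "lightdm": """\
auth required pam_env.so
auth include system-auth
auth include postlogin
account include system-auth
session include system-auth
""",
}
GROUPS = ("auth", "account", "password", "session")

def modules(service, stacks, group, seen=()):
    """Ordered modules for one management group, following include/substack."""
    chain, found = seen + (service,), []
    for raw in stacks[service].splitlines():
        fields = raw.split("#", 1)[0].split()
        # A leading '-' on the type only silences "module missing" logging.
        if len(fields) < 3 or fields[0].lstrip("-") != group:
            continue
        if fields[1] in ("include", "substack"):
            # Files absent from the sample (postlogin here) are skipped.
            if fields[2] in stacks and fields[2] not in chain:
                found += modules(fields[2], stacks, group, chain)
            continue
        match = re.search(r"\bpam_\w+\.so\b", " ".join(fields[2:]))
        if match:
            found.append(match.group(0))
    return found

def coverage(service, stacks, module):
    """Map each management group to whether `module` is in its stack."""
    return {g: module in modules(service, stacks, g) for g in GROUPS}

if __name__ == "__main__":
    print(modules("lightdm", STACKS, "auth"))
    print(coverage("lightdm", STACKS, "pam_krb5.so"))
```

<p>On a live host the same functions can be fed the contents of the files under <tt>/etc/pam.d</tt> keyed by file name.</p>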
</body>
</html>