search

rra / pam-krb5

PAM module for Kerberos authentication
https://www.eyrie.org/~eagle/software/pam-krb5/
Other
19 stars 14 forks source link

Debugging issue / configuration issue #11

Closed EugenMayer closed 4 years ago

EugenMayer commented 5 years ago

I am failing to enable the debug mode to get more verbose output why ticket forwarding potentially does not work

I have a elaborated setup description here https://serverfault.com/q/947900/281162

as you see I enable trace, debug and also use rsyslog with *. debug /var/log/debug

neither trace nor debug is working

as you see my configuration works for mod_kerb_auth with apache, also with kinit and so on, so I assume the krb5.conf is fine.

what i wonder about is though, what SPN is required when logging through Pam... for apache mod_kerb_auth it must be HTTP/request-domain

could it be different for Pam krb? I read something about the SPN to be the hostame? does this mean $(hostname - f)@DOMAIN.. how does Pam krb determine the SPN? can I manually set it?

rra commented 4 years ago

Apologies for not having responded to this in forever. :(

It looks like from the linked ServerFault question that this turned out to be an nginx and HTTP protocol issue rather than a PAM issue. I'm therefore closing this out, but let me know if I got that wrong.