[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ksu error

To: heimdal-discuss@sics.se
Subject: ksu error
From: <andrew@andrewlinux.com>
Date: Sun, 11 May 2008 01:30:43 +0200 (CEST)
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Reply-To: heimdal-discuss@sics.se, <andrew@andrewlinux.com>

Hello,

My name is Andrew Montalvo, was wondering if someone has seen this error, I've
configured Kerberos on FreeBSD 6.3 Stable, configured the following:

amfreebsd# ls -l kr*
-rw-r--r--  1 root  wheel  516 May 10 15:59 krb5.conf
-rwxr-xr-x  1 root  wheel  342 Feb 13 19:18 krb5.keytab

amfreebsd# cat krb5.conf
[libdefaults]
	default_realm = ANDREWLINUX.COM
	encrypt = true

[appdefaults]
	kinit = {
	forwardable = true
	renewable = true
		}

[realms]
	ANDREWLINUX.COM = {
	kdc = amfreebsd.andrewlinux.com
	admin_server = amfreebsd.andrewlinux.com
	default_domain = andrewlinux.com
	kpasswd_server = amfreebsd.andrewlinux.com
		}

[domain_realm]
	andrewlinux.com  = ANDREWLINUX.COM
	.andrewlinux.com  = ANDREWLINUX.COM

[logging]
	kdc = FILE:/var/log/krb5kdc
	admin_server = FILE:/var/log/kadmin
	default = FILE:/var/log/krb5
-----------------------------------------------
amfreebsd# strings krb5.keytab
ANDREWLINUX.COM
host
amfreebsd.andrewlinux.com
ANDREWLINUX.COM
host
amfreebsd.andrewlinux.com
ANDREWLINUX.COM
host
amfreebsd.andrewlinux.com
ANDREWLINUX.COM
host
amfreebsd.andrewlinux.com

/var/heimdal
amfreebsd# ls -l
total 78
-rw-------  1 root  wheel  24576 May 10 15:29 heimdal.db
-rw-r--r--  1 root  wheel     67 Mar  4 23:06 kadmind.acl
-rw-r--r--  1 root  wheel  11314 Feb 12 15:50 kdc.log
-rw-r--r--  1 root  wheel    361 Mar  4 22:45 krb5.conf
-rw-------  1 root  wheel  33002 May 10 15:29 log
-rw-------  1 root  wheel    142 Mar 16 13:01 m-key
-rw-------  1 root  wheel     72 Feb 11 15:02 m-key.old

amfreebsd# cat kadmind.acl
andrew/admin@ANDREWLINUX.COM	all
andrewm/admin@ANDREWLINUX.COM	all

/root
amfreebsd# ls -l
total 14
-rw-r--r--  2 root  wheel   801 Jan 15 16:33 .cshrc
-rw-------  1 root  wheel  2337 May 10 16:18 .history
-rw-r--r--  1 root  wheel   202 Feb 11 15:20 .k5login
-rw-r--r--  1 root  wheel   293 Jan 15 16:33 .login
-rw-r--r--  2 root  wheel   251 Jan 15 16:33 .profile
drwx------  2 root  wheel   512 Feb 19 14:26 .ssh

# $FreeBSD: src/etc/root/dot.k5login,v 1.1 2003/04/30 20:58:49 markm Exp $
#
# user1/root@YOUR.REALM.WHEREVER
# user2/root@YOUR.REALM.WHEREVER
#
andrew/root@ANDREWLINUX.COM

But when I login and type ksu, I get the following error:

%ksu
andrew/root@ANDREWLINUX.COM's Password:
ksu: setgid: Operation not permitted

 I can kadmin just fine

kadmin> list andrew*
andrew/admin@ANDREWLINUX.COM's Password:
  andrew@ANDREWLINUX.COM
  andrew/root@ANDREWLINUX.COM
  andrew/admin@ANDREWLINUX.COM

kadmin> get andrew/root
andrew/admin@ANDREWLINUX.COM's Password:
	       Principal: andrew/root@ANDREWLINUX.COM
       Principal expires: never
	Password expires: never
    Last password change: never
	 Max ticket life: 1 day
      Max renewable life: 1 week
		    Kvno: 1
		   Mkvno: 0
		  Policy: none
   Last successful login: never
       Last failed login: never
      Failed login count: 0
	   Last modified: 2008-05-10 23:25:41 UTC
		Modifier: andrew/admin@ANDREWLINUX.COM
	      Attributes: requires-pre-auth
Keytypes(salttype[(salt-value)]): des3-cbc-sha1(pw-salt), des-cbc-md5(pw-salt),
des-cbc-md4(pw-salt), des-cbc-crc(pw-salt)

Any assistance would be appreciated.

Thanks,

Andrew

Follow-Ups:
- Re: ksu error
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Using NTLM & NTLMV2
Next by Date: Re: ksu error
Prev by thread: Re: Using NTLM & NTLMV2
Next by thread: Re: ksu error
Index(es):
- Date
- Thread