Cannot login after applying patch 125795-01 (or later) using Kerberos-based security

(Doc ID 1008231.1)

Last updated on OCTOBER 03, 2012

Applies to:

Solaris SPARC Operating System - Version 10 3/05 and later
All Platforms

Symptoms

On Solaris 10, after applying 125795-01 or later on sparc or 125796-01 on x86, ftp and telnet login by Kerberos-based security cannot be done.

The authentication request from the Kerberos client to Key Distribution Center(KDC) is also not generated.
e.g PAM setting of ftp:
---------------------------
ftp auth required pam_unix_cred.so.1
ftp auth sufficient pam_krb5.so.1
ftp auth required pam_unix_auth.so.1
---------------------------
Example messages seen when ftp login fails:
---------------------------
[TimeStamp] [hostname] ftpd[10996]: [ID 557960 auth.debug] PAM[10996]: pam_authenticate(62608, 1): /usr/lib/security/pam_unix_auth.so.1 returned Authentication failed
[TimeStamp] [hostname] ftpd[10996]: [ID 912489 auth.debug] PAM[10996]: pam_authenticate(62608, 1): error Authentication failed
---------------------------

 

Backing out the patch allows logins again and yields no errors.

Note that the above pam stack is actually an invalid configuration that happened to work before.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms