My Oracle Support Banner

Cannot login after applying patch 125795-01 (or later) using Kerberos-based security (Doc ID 1008231.1)

Last updated on APRIL 24, 2020

Applies to:

Solaris Operating System - Version 10 3/05 and later
All Platforms


On Solaris 10, after applying 125795-01 or later on sparc or 125796-01 on x86, ftp and telnet login by Kerberos-based security cannot be done.

The authentication request from the Kerberos client to Key Distribution Center(KDC) is also not generated.
e.g PAM setting of ftp:
ftp auth required
ftp auth sufficient
ftp auth required
Example messages seen when ftp login fails:
[TimeStamp] [hostname] ftpd[10996]: [ID 557960 auth.debug] PAM[10996]: pam_authenticate(62608, 1): /usr/lib/security/ returned Authentication failed
[TimeStamp] [hostname] ftpd[10996]: [ID 912489 auth.debug] PAM[10996]: pam_authenticate(62608, 1): error Authentication failed


Backing out the patch allows logins again and yields no errors.

Note that the above pam stack is actually an invalid configuration that happened to work before.




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.