My Oracle Support Banner

Cannot login after applying patch 125795-01 (or later) using Kerberos-based security (Doc ID 1008231.1)

Last updated on APRIL 24, 2020

Applies to:

Solaris Operating System - Version 10 3/05 and later
All Platforms

Symptoms

On Solaris 10, after applying 125795-01 or later on sparc or 125796-01 on x86, ftp and telnet login by Kerberos-based security cannot be done.

The authentication request from the Kerberos client to Key Distribution Center(KDC) is also not generated.
e.g PAM setting of ftp:
---------------------------
ftp auth required pam_unix_cred.so.1
ftp auth sufficient pam_krb5.so.1
ftp auth required pam_unix_auth.so.1
---------------------------
Example messages seen when ftp login fails:
---------------------------
[TimeStamp] [hostname] ftpd[10996]: [ID 557960 auth.debug] PAM[10996]: pam_authenticate(62608, 1): /usr/lib/security/pam_unix_auth.so.1 returned Authentication failed
[TimeStamp] [hostname] ftpd[10996]: [ID 912489 auth.debug] PAM[10996]: pam_authenticate(62608, 1): error Authentication failed
---------------------------

 

Backing out the patch allows logins again and yields no errors.

Note that the above pam stack is actually an invalid configuration that happened to work before.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.