Cannot login after applying patch 125795-01 (or later) using Kerberos-based security

(Doc ID 1008231.1)

Last updated on OCTOBER 03, 2012

Applies to:

Solaris SPARC Operating System - Version 10 3/05 and later
All Platforms


On Solaris 10, after applying 125795-01 or later on sparc or 125796-01 on x86, ftp and telnet login by Kerberos-based security cannot be done.

The authentication request from the Kerberos client to Key Distribution Center(KDC) is also not generated.
e.g PAM setting of ftp:
ftp auth required
ftp auth sufficient
ftp auth required
Example messages seen when ftp login fails:
[TimeStamp] [hostname] ftpd[10996]: [ID 557960 auth.debug] PAM[10996]: pam_authenticate(62608, 1): /usr/lib/security/ returned Authentication failed
[TimeStamp] [hostname] ftpd[10996]: [ID 912489 auth.debug] PAM[10996]: pam_authenticate(62608, 1): error Authentication failed


Backing out the patch allows logins again and yields no errors.

Note that the above pam stack is actually an invalid configuration that happened to work before.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms