Login with kerberos user on ubuntu 16.04 Desktop with sudo privileges
I'm setting up a lab with a few Ubuntu 16.04 Desktop machines, and I'm planning to log in with Kerberos users that have sudo privileges. That is, whenever a new user logs in to one of these desktops with his Kerberos credentials, a home directory should be created and he should get sudo privileges on that machine.
Environment:
16.04.4 LTS (Xenial Xerus)
4.13.0-36-generic
In my case user = test, domain = AD.TEST.EDU, hostname = test.com
I added the following to /etc/pam.d/common-session to enable home directory creation:
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0077
# end of pam-auth-update config
Regarding enabling sudo for these Kerberos users, I couldn't find the user info using the "id" command:
#id ad.test.edu\test
id: ‘ad.test.edu\test’: no such user
But klist looks fine here. How can I add a rule for these Kerberos users to the sudo list?
Below is the Kerberos client configuration.
$grep -i ad.te /etc/krb5.conf
kdc = ad.test.edu
admin_server = ad.test.edu
I'm able to get the Kerberos ticket without any issues:
$kinit test@AD.TEST.EDU
Password for test@AD.TEST.EDU:
Below are the ticket details:
$klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: test@AD.TEST.EDU
Valid starting       Expires              Service principal
03/20/2019 09:36:05  03/21/2019 02:36:05  krbtgt/AD.TEST.EDU@AD.TEST.EDU
Even from the console, I'm able to retrieve tickets without any issues:
Mar 20 10:09:58 TEST lightdm: pam_krb5(lightdm:auth): user test@AD.TEST.EDU authenticated as test@AD.TEST.EDU
Mar 20 10:09:58 TEST lightdm: gkr-pam: error looking up user information
Mar 20 10:09:58 TEST lightdm: pam_kwallet5(lightdm:auth): (null): pam_sm_authenticate
Mar 20 10:09:58 TEST lightdm: pam_kwallet5(lightdm:auth): pam_kwallet5: Couldn't get user info (passwd) info
Mar 20 10:09:58 TEST lightdm: pam_unix(lightdm:account): could not identify user (from getpwnam(test@AD.TEST.EDU))
Mar 20 10:09:58 TEST lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Mar 20 10:09:58 TEST lightdm: PAM adding faulty module: pam_kwallet.so
I thought the entry below was causing the problem, so to eliminate it I installed the package libpam-kwallet5. But after that, once I log in with a local user, I'm unable to log out of the session; it takes 3 or 4 tries of hitting the logout button. After removing the package libpam-kwallet5, there is no issue.
Mar 20 10:09:58 TEST lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
I tried the Kerberos user name syntaxes "test@AD.TEST.EDU", "test/AD.TEST.EDU" and "test/AD.TEST.EDU@AD.TEST.EDU". Nothing helped.
Mar 20 10:14:35 TEST lightdm: pam_krb5(lightdm:auth): user test@AD.TEST.EDU authenticated as test@AD.TEST.EDU
Mar 20 10:14:35 TEST lightdm: gkr-pam: error looking up user information
Mar 20 10:14:35 TEST lightdm: pam_kwallet(lightdm:auth): (null): pam_sm_authenticate
Mar 20 10:14:35 TEST lightdm: pam_kwallet(lightdm:auth): pam_kwallet: Couldn't get user info (passwd) info
Mar 20 10:14:35 TEST lightdm: pam_kwallet5(lightdm:auth): (null): pam_sm_authenticate
Mar 20 10:14:35 TEST lightdm: pam_kwallet5(lightdm:auth): pam_kwallet5: Couldn't get user info (passwd) info
Mar 20 10:14:35 TEST lightdm: pam_unix(lightdm:account): could not identify user (from getpwnam(test@AD.TEST.EDU))
I want to achieve the three things below:
1) Login to Ubuntu desktop using kerberos user
2) Create home directory for login user
3) Provide sudo privileges for the login user.
Please comment with some suggestions.
Thanks
16.04 sudo lightdm kerberos
asked 3 mins ago
user183980
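The log excerpts in the question record two separate steps: pam_krb5 accepts the password for test@AD.TEST.EDU, and then the pam_unix account step fails in getpwnam because that name has no passwd entry on the host. The Python triage below is an added example, not part of the original post; it runs over lines copied from those excerpts (embedded as sample input), and the names `triage` and `resolves_locally` are illustrative.

```python
import pwd
import re

# Sample input: lightdm lines copied from the log excerpts in the question.
SAMPLE_LOG = """\
Mar 20 10:09:58 TEST lightdm: pam_krb5(lightdm:auth): user test@AD.TEST.EDU authenticated as test@AD.TEST.EDU
Mar 20 10:09:58 TEST lightdm: gkr-pam: error looking up user information
Mar 20 10:09:58 TEST lightdm: pam_kwallet5(lightdm:auth): pam_kwallet5: Couldn't get user info (passwd) info
Mar 20 10:09:58 TEST lightdm: pam_unix(lightdm:account): could not identify user (from getpwnam(test@AD.TEST.EDU))
Mar 20 10:09:58 TEST lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Mar 20 10:14:35 TEST lightdm: pam_krb5(lightdm:auth): user test@AD.TEST.EDU authenticated as test@AD.TEST.EDU
Mar 20 10:14:35 TEST lightdm: pam_unix(lightdm:account): could not identify user (from getpwnam(test@AD.TEST.EDU))
"""

PREFIX = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ [^:\s]+: (.*)$")
KRB_OK = re.compile(r"pam_krb5\(([^:)]+):auth\): user (\S+) authenticated as (\S+)")
NSS_FAIL = re.compile(r"pam_unix\(([^:)]+):account\): could not identify user "
                      r"\(from getpwnam\(([^)]+)\)\)")
DLOPEN = re.compile(r"PAM unable to dlopen\(([^)]+)\)")

def triage(log_text):
    """Pair each getpwnam failure with an earlier pam_krb5 success for the same user."""
    authenticated = {}              # (service, user) -> Kerberos principal
    findings, missing = [], set()
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue                # not a syslog-format line
        when, msg = m.groups()
        ok, fail, lib = KRB_OK.search(msg), NSS_FAIL.search(msg), DLOPEN.search(msg)
        if ok:
            authenticated[(ok.group(1), ok.group(2))] = ok.group(3)
        elif fail:
            key = (fail.group(1), fail.group(2))
            principal = authenticated.pop(key, None)   # consume the matching success
            findings.append({
                "time": when, "service": key[0], "user": key[1], "principal": principal,
                "verdict": "authenticated, no passwd entry" if principal else "unknown user",
            })
        elif lib:
            missing.add(lib.group(1))                   # PAM module file not installed
    return findings, sorted(missing)

def resolves_locally(name):
    """True if NSS on this host returns a passwd entry for name (the lookup PAM made)."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

if __name__ == "__main__":
    findings, missing = triage(SAMPLE_LOG)
    for f in findings:
        print(f"{f['time']} {f['service']}: {f['user']} -> {f['verdict']}")
    print("PAM modules that failed to load:", ", ".join(missing) or "none")
```

A verdict of "authenticated, no passwd entry" means the password check passed and the failure is in account lookup, which is the same lookup the question's `id` command reports as "no such user".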