# Cannot start X session by means of XDM using kerberos

## john.nietzsche

Dear gentleman/madam,

after finnished installing my gentoo box, i managed to get kerberos authentication working. i can log into the box by using the terminal consoles ok.

The credentials are retrieved from the kdc server.

But when i try to open an X session, xdm gives the error message: Login incorrect

I am curious, because i see the kdc log messages containing information on tickets requests.

thanks in advance.

----------

## nixnut

Moved from Installing Gentoo to Networking & Security.

Networking security question, so moved here.

----------

## john.nietzsche

Dear gentleman/madan,

i have tried to get kerberos environment into my gentoo system. I can logging using ssh as also tty consoles. But i am having a hard time trying to get xdm/gdm to auth through kerberos. I am left alone i see no place to look for help.

I have edit /etc/pam.d/system-auth: (everything works great, except xdm/gdm)

auth        required      /lib/security/pam_env.so

auth        sufficient    /lib/security/pam_unix.so likeauth nullok

auth        sufficient    /lib/security/pam_krb5.so use_first_pass

auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

account     required      /lib/security/pam_access.so

account     [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_krb5.so

account     required      /lib/security/pam_access.so

password    required      /lib/security/pam_cracklib.so retry=3 type=password    sufficient    /lib/security/pam_unix.so nullok use_authtok

md5 shadow

password    sufficient    /lib/security/pam_krb5.so use_authtok

password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so

session     required      /lib/security/pam_unix.so

session     optional      /lib/security/pam_krb5.so

Every another file within /etc/pam.d remains as the installation setup defined.

Would some here ***please*** provided a guidance where i am wrong?

Thank you very much for your help and cooperation.

Best regards.

----------

## nixnut

more kerberos stuff, so merged here

----------

