Configuring VMWare Server 2 authentication

Recently I’ve needed to install a virtual machine on my spiffy RHEL 5.3 system, so I turned to VMWare, since its free Server software (1.0 series) worked fine on Ubuntu Dapper.  So I tried installing Server 2, because newer is better, right (you know where I’m going…)?

Server 2 does user-level authentication, so you need to specify the admin user at setup time.  That will be the only user (initially) that can touch the vmware instance.  This means that if you disable the root password, then you should not choose ‘root’ as that user.

So this is fine, except that I couldn’t login initially.  The trick is that VMWare does its own user authentication off of the normal /etc/{passwd,shadow} files, and I was authenticating with Kerberos as an AFS user.

Here’s how to fix things.  You need to modify /etc/vmware/pam.d/vmware-authd .  Upon installation, it contains:

#%PAM-1.0
auth   required   pam_unix.so   shadow nullok
account  required  pam_unix.so
You need to add a line so it looks like:

#%PAM-1.0
auth sufficient  pam_krb5.so use_first_pass  refresh_creds debug 
auth   required   pam_unix.so   shadow nullok
account   required  pam_unix.so
I used /etc/pam.d/system-auth as a reference. (I’m not sure the ‘debug’ part is needed.)

Since I couldn’t find anything online (this is one thing that google didn’t really know) that fixed things, I hope this is useful and saves a few hours or so for somebody somewhere.  The closest post I found didn’t seem to have a clear resolution and solution.

Update: If something gets borked and it says your user is unauthorized, you can set the admin user by editing the value in the <ACEDataUser> tag in /etc/vmware/hostd/authorization.xml .

Let me know if I’ve missed anything–all I can say is that this worked for me.

  1. Thanks for the post. It was kind of useful for me. I’m searching to find some info on configuring nis authentication with vmware server 2.0. Do we still require pam_nis.so library? I read that as long as the system’s /etc/nsswitch.conf file is configured for nis, pam_unix.so would be sufficient.

    Can you please shed some light on this.

  2. Btw, here’s my email.

  3. Actually, I’m not sure about the NIS authentication. I notice that there are a couple threads on this in the VMWare forums, and one of them pointed to a wiki page: http://www.astroarch.com/wiki/index.php/Full_NIS_Integration

    It looks like pam_nis.so isn’t required, though a lot of other configuration is needed.

    FYI, I stopped messing with it as soon as I got the normal Kerberos AFS login to work since that’s all I needed. 🙂

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>