Date: Sat, 17 Feb 2024 16:02:28 -0500
From: Michael Voorhis <mvoorhis@gmail.com>
To: freebsd-questions@FreeBSD.org
Cc: mvoorhis@gmail.com
Subject: openPAM and Kerberos in FreeBSD13
Message-ID: <d35982f9-8c3e-43f8-be8d-ef3f2243489d@gmail.com>

Hi all,

I'm trying to get SSH and Kerberos working on my FreeBSD13 machine. I can authenticate to the KDC using kinit, no problem, but no amount of playing will allow me to log in to a machine using SSHD and PAM. Have played with /etc/pam.d/system and /etc/pam.d/sshd endlessly.

The KDC/KADMIN server is another FreeBSD13 machine, and seems to function correctly as it is being used actively. The PAM-failing client machine has a keytab file with a dedicated host-key so the KDC knows about it.

PAM provides no useful errors of any kind. Use of kinit on my PAM-failing test machine causes log entries to appear on the KDC's /var/heimdal/kdc.log, but PAM activity doesn't appear in logs at all, as if it's not even trying to connect. There's some disconnect that I don't understand.

Thanks for any URLs, leading questions, or other pointers. I strongly suspect there's Some Simple Thing I haven't done correctly.

Thanks for reading,
--MCV.