Date: Wed, 30 Aug 2006 16:03:40 +0200 (CEST)
From: Harti Brandt <hartmut.brandt@dlr.de>
To: hackers@freebsd.org
Subject: pam_krb5 problems
Message-ID: <20060830155708.J37315@beagle.kn.op.dlr.de>
Hi all,

has anyone successfully configured pam_krb5? It seems that the ticket verification that is in the code does not work as intended: I have a host key in my keytab, but reading it for verification fails, because pam_krb5 constructs the principal name host/opkndn_beagle@INTRA.DLR.DE while the keytab contains just opkndn_beagle@INTRA.DLR.DE. When I try to add the host/... principal to the keytab, kinit -k doesn't work anymore.

Another problem is finding the realm for the host. I have to explicitly add the mapping for the host to the realm to krb5.conf. I have a _kerberos TXT record in DNS, but the library fails to DNS-search for _kerberos or _kerberos.kn.op.dlr.de, but searches for _kerberos.opkndn_beagle.. (note the '.' at the end) which seems just wrong.

What am I doing wrong here?

harti
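Added example, not part of the original message and not pam_krb5 code: a small keytab reader that lists the principal names stored in a keytab and checks for the host/<hostname>@<REALM> name that the message says pam_krb5 constructs. It assumes the keytab uses the version 0x0502 binary layout; the function names and the sample keytab bytes are constructed for illustration.

```python
import struct

def _counted(buf, off):
    """Read a uint16-length-prefixed byte string; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def keytab_principals(buf):
    """Return the set of principal names in a version 0x0502 keytab (assumed layout)."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    names, off = set(), 2
    while off + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, off)
        off += 4
        if size == 0:            # this reader treats a zero length as end of entries
            break
        if size < 0:             # negative length marks a deleted entry (hole)
            off += -size
            continue
        end = off + size
        if end > len(buf):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", buf, off)
        realm, p = _counted(buf, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(buf, p)
            comps.append(comp.decode())
        names.add("/".join(comps) + "@" + realm.decode())
        off = end                # skip name type, timestamp, kvno and key data
    return names

def has_host_principal(buf, hostname, realm):
    """True if the keytab holds host/<hostname>@<realm>."""
    return f"host/{hostname}@{realm}" in keytab_principals(buf)

def _sample_entry(realm, comps):
    """Build one constructed keytab entry with an all-zero 16-byte key."""
    body = struct.pack(">H", len(comps))
    for s in [realm] + comps:
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIB", 1, 0, 1)             # name type, timestamp, 8-bit kvno
    body += struct.pack(">HH", 17, 16) + bytes(16)   # enctype, key length, key bytes
    return struct.pack(">i", len(body)) + body

# Constructed sample mirroring the message: only the bare name is present.
SAMPLE = b"\x05\x02" + _sample_entry("INTRA.DLR.DE", ["opkndn_beagle"])

if __name__ == "__main__":
    print(sorted(keytab_principals(SAMPLE)))
    print(has_host_principal(SAMPLE, "opkndn_beagle", "INTRA.DLR.DE"))
```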