From owner-freebsd-hackers@FreeBSD.ORG  Fri Oct 21 14:08:14 2005
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
X-Original-To: hackers@freebsd.org
Delivered-To: freebsd-hackers@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DF96916A41F
	for <hackers@freebsd.org>; Fri, 21 Oct 2005 14:08:14 +0000 (GMT)
	(envelope-from Hartmut.Brandt@dlr.de)
Received: from smtp-3.dlr.de (smtp-3.dlr.de [195.37.61.187])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5CA5E43D49
	for <hackers@freebsd.org>; Fri, 21 Oct 2005 14:08:14 +0000 (GMT)
	(envelope-from Hartmut.Brandt@dlr.de)
Received: from beagle.kn.op.dlr.de ([129.247.173.6]) by smtp-3.dlr.de over TLS
	secured channel with Microsoft SMTPSVC(6.0.3790.211); 
	Fri, 21 Oct 2005 16:08:12 +0200
Date: Fri, 21 Oct 2005 16:08:14 +0200 (CEST)
From: Harti Brandt <hartmut.brandt@dlr.de>
X-X-Sender: harti@beagle.kn.op.dlr.de
To: hackers@freebsd.org
Message-ID: <20051021160017.D4007@beagle.kn.op.dlr.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-OriginalArrivalTime: 21 Oct 2005 14:08:12.0454 (UTC)
	FILETIME=[DF6F7460:01C5D648]
Cc: 
Subject: telnetd/sshd and Kerberos tickets (PAM)
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Harti Brandt <harti@freebsd.org>
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2005 14:08:15 -0000


Hi all,

I have enabled the pam_krb5 module in pam.d/{login,telnetd,sshd}. When 
login in locally I get a Kerberos ticket as I would expect. When logging 
in via ssh or telnet I don't get one. I have digged around in the sources 
and it locks like telnetd never calls pam_setcred() which would do this 
work. My PAM-foo is rather limited so my question is: shouldn't sshd and 
telnetd call pam_setcred() somewhere?

harti