From: martinmcc@orbweavers.co.uk
To: freebsd-questions@freebsd.org
Date: Sun, 13 Mar 2005 17:30:09 -0000 (GMT)
Subject: Re: kerberos problems
Message-ID: <3089.192.168.16.79.1110735009.squirrel@www.orbweavers.co.uk>
In-Reply-To: <20050313155855.GD60575@seekingfire.com>

> On Sun, Mar 13, 2005 at 03:38:46PM -0000, martinmcc@orbweavers.co.uk wrote:
>> I followed the handbook guide to setting it up, and it all seems to be
>> working ok. I have now setup telnetd as described to test how it is
>> working.
>> If I have done a kinit previously, it will log in no problem,
>> but if I do not do a kinit (or do a kdestroy beforehand) I get -
>>
>> kerberos V5: mk_req (No Such File or direcotry).
>>
>> Any ideas?
>
> That sounds like it's working normally. Without a valid ticket (as shown
> by `klist`), which is cached in a file, services like telnet which use
> Kerberos won't authenticate you.
>
> If I'm misunderstanding the problem you're describing, please add some
> more detail as to what you expected to have happen and how reality
> differed :-)
>

Yeah, it could well be the way it is supposed to work.

Basically I want to end up with a centralised login system for my network (i.e. no need to create usernames on each client). I am planning to use LDAP for this, and as I understand it LDAP can use Kerberos for the authentication aspect. So I am atm trying to make sure I have a good understanding of the Kerberos system and have it up and running before I tackle the next part.

What I was assuming would happen when I try to telnet in without a ticket (i.e. with running kinit) was that I would get asked for a username/password, and then I would get issued a ticket, rather than manually having to kinit first.

How would this affect using PAM to authenticate, i.e. if I want to use pam_krb to log in to the console, I would not be able to run kinit beforehand?

[Apologies for sending this to you twice, tillman, need to be more careful with the reply-to button :)]

Cheers,
Martin