Date: Sun, 23 Jan 2005 12:33:16 -0500
From: Mark A Gebert <geeb@thugsrus.org>
To: freebsd-questions@freebsd.org
Subject: FreeBSD 5.3: Kerberos and SSH
Message-ID: <41F3DFDC.10103@thugsrus.org>

I have the SSHD PAM set up to use Kerberos the way I do under FreeBSD 4.x.
When I SSH into the box I authenticate fine, the KDC issues a ticket for me,
but the credentials cache does not get created. Clues?

--geeb

/etc/pam.d/sshd

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            sufficient      pam_krb5.so             debug try_first_pass ccache=SAFE
#auth           required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
password        sufficient      pam_krb5.so             no_warn try_first_pass
#password       required        pam_unix.so             no_warn try_first_pass

% ssh tigger
Password:
FreeBSD 5.3-RELEASE (GENERIC) #0: Fri Nov 5 04:19:18 UTC 2004
Welcome to FreeBSD!
> klist
klist: No ticket file: /tmp/krb5cc_4465

krb5kdc log
Jan 23 12:29:12 lart.thugsrus.net krb5kdc[252](info): AS_REQ (1 etypes {1}) 66.93.3.118: ISSUE: authtime 1106501352, etypes {rep=1 tkt=1 ses=1}, geeb@THUGSRUS.NET for krbtgt/THUGSRUS.NET@THUGSRUS.NET
Jan 23 12:29:12 lart.thugsrus.net krb5kdc[252](info): TGS_REQ (1 etypes {1}) 66.93.3.118: ISSUE: authtime 1106501352, etypes {rep=1 tkt=1 ses=1}, geeb@THUGSRUS.NET for host/tigger.thugsrus.net@THUGSRUS.NET
