Date: Mon, 23 Feb 2009 11:59:52 -0700 From: KAK BO CHE <kak.bo.che@gmail.com> To: freebsd-questions@freebsd.org Subject: difficulty using SSH Kerberos PAM Authentication with 7.1 Release Message-ID: <1fcf2da90902231059n24d21aa5h861767b099979886@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I recently did a freebsd-update to a machine running 6.3 to 7.1. I am now having difficulty getting pam_krb5 to work as it used to for sshd authentication. After upgrading to 7.1 I noticed the openpam_dispatch() and pam_sm_authenticate() errors on my console when trying to login via ssh. I fixed these by removing the pam_nologin module from the auth list in my sshd pam config file. My current pam sshd configuation file is as follows: # auth auth required pam_krb5.so no_warn try_first_pass #auth required pam_unix.so no_warn try_first_pass nullok # account account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass If I attempt to login with the correct kerberos credentials I get the following error: pam_setcred() failed to retreive user credentials If I reenable the "auth required pam_unix.so" line and change the line before it to "auth sufficient pam_krb5.so" I can logon with either my kerberos or the local system password, but no other password as expected. Unfortunately, I cannot allow local user passwords to logon to the system. What am I doing wrong a similar setup worked with FreeBSD 6.3, but the last authenticaion module was pam_nologin. Thanks, --Troy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1fcf2da90902231059n24d21aa5h861767b099979886>