Date:      Wed, 23 May 2001 15:42:49 -0700 (PDT)
From:      Peter Losher <Peter.Losher@nominum.com>
To:        "Jacques A. Vidrine" <n@nectar.com>
Cc:        Peter Losher <Peter.Losher@nominum.com>, <freebsd-stable@freebsd.org>
Subject:   Re: OpenSSH and Krb5, FreeBSD style...
Message-ID:  <Pine.NEB.4.33.0105231513300.9543-100000@shell1.nominum.com>
In-Reply-To: <20010523164412.A540@shade.nectar.com>

On Wed, 23 May 2001, Jacques A. Vidrine wrote:

> The OpenSSH v2 stuff doesn't do Kerberos (IV nor 5).

Ahh...

> > Bad news, UW-IMAP suffers from the same linker problem <sigh>.  Also, SSHD
> > refuses to take any Krb5 authentication, tkt or password.
>
> I'm confused -- above you said that it `seems to work fine' with the
> v1 protocol.  Which SSHD are you talking about here?

That was the client on the box going out to other SSHD's (SSH Inc's SSH)
on other servers; it worked fine.   However, if I tried ssh'ing into the
box, it refuses to take either my Kerberos ticket or entered password
(Krb5 passwd).

> > I installed pam_krb5 from ports, replaced the commented out Krb4
> > line under sshd with one for pam_krb5.so, and now sshd segfaults
> > whenever you type in a Kerberos password. <sigh>
>
> Obviously that shouldn't happen, but the module is young and finicky.
> Use the following for sshd/pam_krb5:
>
>   auth    sufficient      pam_krb5.so try_first_pass
>   auth    required        pam_unix.so
>   account sufficient      pam_krb5.so try_first_pass
>   account required        pam_unix.so
>   session sufficient      pam_krb5.so try_first_pass
>   session required        pam_unix.so

This is what I have under sshd in /etc/pam.conf (should it be in another
file?):

-=-
sshd	auth    sufficient      pam_krb5.so try_first_pass
sshd	auth    required        pam_unix.so
sshd	account sufficient      pam_krb5.so try_first_pass
sshd	account required        pam_unix.so
sshd	session sufficient      pam_krb5.so try_first_pass
sshd	session required        pam_unix.so
sshd	session required	pam_permit.so
-=-

And this is what I get after typing my Krb5 passwd:

-=-
May 23 15:40:52 web1 sshd[319]: unable to resolve symbol: pam_sm_open_session
May 23 15:40:52 web1 sshd[319]: unable to resolve symbol: pam_sm_close_session
May 23 15:41:19 web1 /kernel: pid 319 (sshd), uid 0: exited on signal 11
-=-

Thanks - Peter
-- 
Peter.Losher@nominum.com - [ Systems Admin. | Nominum, Inc. ]


