Date: Tue, 25 Nov 2008 07:11:35 +0200 From: Viktar Sakovich <atlantos@gmail.com> To: freebsd-questions@freebsd.org Subject: Openssh + pam_krb5 doesn't establish credential cache. Message-ID: <08112507113500.01119@localhost>
next in thread | raw e-mail | index | archive | help
Hi. I trying to setup ssh+pam_krb5 for authentication and establishment of credential cache on FreeBSD 6.3 against MIT kerberos. Everything is ok with authentication, but not with establishment of credential cache by pam_krb5. I tried different combinations of modules in /etc/pam.d/sshd starting from default /usr/src/etc/pam.d/sshd with uncommented pam_krb5.so. Also tried to use "UsePrivilegeSeparation no" in /etc/ssh/sshd_config. In kdc log file I see during user login: Nov 24 15:22:34 kdchost krb5kdc[20876]: AS_REQ (2 etypes {1 16}) 10.34.22.15: ISSUE: authtime 1227536554, etypes {rep=1 tkt=16 ses=1}, user@REALM for krbtgt/REALM@REALM Nov 24 15:22:34 kdchost krb5kdc[20876]: TGS_REQ (2 etypes {1 16}) 10.34.22.15: ISSUE: authtime 1227536554, etypes {rep=1 tkt=16 ses=1}, user@REALM for host/bsdhost@REALM After user login there are no ccache files in usual location /tmp/krb5cc_uid and KRB5CCNAME is not set. But user can establish ccache manually using /usr/bin/kinit. Search on freebsd lists gave threads with discussion of above problem dated up to 2003 without any suggestion how to resolve it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?08112507113500.01119>