Date:      Tue, 25 Nov 2008 07:11:35 +0200
From:      Viktar Sakovich <atlantos@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Openssh + pam_krb5 doesn't establish credential cache.
Message-ID:  <08112507113500.01119@localhost>

Hi.

I am trying to set up ssh+pam_krb5 for authentication and establishment of a 
credential cache on FreeBSD 6.3 against MIT Kerberos.  Everything is OK with 
authentication, but not with establishment of the credential cache by pam_krb5.

I tried different combinations of modules in /etc/pam.d/sshd, starting from 
the default /usr/src/etc/pam.d/sshd with pam_krb5.so uncommented. I also tried 
using "UsePrivilegeSeparation no" in /etc/ssh/sshd_config.

In the KDC log file I see this during user login:
Nov 24 15:22:34 kdchost krb5kdc[20876]: AS_REQ (2 etypes {1 16}) 10.34.22.15: ISSUE: authtime 1227536554, etypes {rep=1 tkt=16 ses=1}, user@REALM for krbtgt/REALM@REALM
Nov 24 15:22:34 kdchost krb5kdc[20876]: TGS_REQ (2 etypes {1 16}) 10.34.22.15: ISSUE: authtime 1227536554, etypes {rep=1 tkt=16 ses=1}, user@REALM for host/bsdhost@REALM

After user login there are no ccache files in the usual location, /tmp/krb5cc_uid, 
and KRB5CCNAME is not set. But the user can establish a ccache manually using 
/usr/bin/kinit.

A search of the FreeBSD lists gave threads discussing the above problem, dated 
up to 2003, without any suggestion of how to resolve it.





