Date: Thu, 29 Aug 2013 04:48:44 +0400 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: freebsd-security@FreeBSD.org Subject: OpenSSH, PAM and kerberos Message-ID: <20130829004844.GA70584@zxy.spb.ru>
next in thread | raw e-mail | index | archive | help
I am try to setup single sign-on and found this is imposuble due to bug in OpenSSH: currently sshd do pam_authenticate() and pam_acct_mgmt() from child process, but pam_setcred() from paren proccess. pam_krb5 in pam_sm_setcred() required information from pam_sm_authenticate and can't work corretly (can't create /tmp/krb5cc_NNNN, can't set envirompent KRB5CCNAME and so). In logs/debugs this is as openpam_dispatch(): pam_krb5.so: pam_sm_setcred(): failed to retrieve user credentials
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130829004844.GA70584>