Date: Tue, 29 Oct 2002 08:10:11 -0500
From: Mark A Gebert <geeb@thugsrus.org>
To: questions@FreeBSD.org
Subject: Kerberos5 PAM Question
Message-ID: <20021029131011.GH316@thugsrus.org>

Under FreeBSD4.7, I installed the pam_krb5 port (compiled with MIT
Kerberos) and I'm trying to get it to generate a ticket file with sshd
(with UsePrivilegeSeparation set to yes).

I get authenticated fine into the system:

Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_authenticate
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: allocating pam_krb5_state
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) dumping state
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: debug
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: use_first_pass
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: require_keytab
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: ccache=%u
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: success
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: resolve_principal: Success
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_krb5_get_authtok: no pre-existing password
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: krb5_get_init_creds_password: Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: pam_krb5_store_tgt: Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_krb5_verify_tgt: Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: result for user `geeb': Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_acct_mgmt
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) dumping state
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: debug
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: use_first_pass
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: require_keytab
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: ccache=%u
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: STATE_AUTH_COMPLETED
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ_name=`geeb@THUGSRUS.NET'
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ exists
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: ccache exists
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_acct_mgmt: result for user `geeb': Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) cleanup_state
Oct 29 08:05:18 lart2 sshd[299]: Accepted keyboard-interactive/pam for geeb from 66.93.1.55 port 2142 ssh2

But no ticket file:

> klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_4465)

Kerberos 4 ticket cache: /tmp/tkt4465
klist: You have no tickets cached

The line in /etc/pam.conf is:

sshd auth required pam_krb5.so use_first_pass ccache=%u require_keytab debug

I've generated a host/lart2.thugsrus.net and a sshd/lart.thugsrus.net
key but to no avail.

Any help is appreciated.

--geeb

-- 
Mark Gebert
geeb@thugsrus.org
"It takes a Viking to raze a village!"
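
Added example, not part of the original message and not code from pam_krb5: a Python script that groups pam_krb5 debug lines by sshd PID and reports which PAM service-module entry points logged an "initialize_method" line and which never did. The sample log is a constructed subset of the lines quoted above; it assumes the module announces every entry point the same way it announces the two shown.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the debug lines quoted in the message above.
SAMPLE_LOG = """\
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_authenticate
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: pam_krb5_store_tgt: Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: result for user `geeb': Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_acct_mgmt
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_acct_mgmt: result for user `geeb': Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) cleanup_state
Oct 29 08:05:18 lart2 sshd[299]: Accepted keyboard-interactive/pam for geeb from 66.93.1.55 port 2142 ssh2
"""

# Standard PAM service-module entry points for the auth, account and session
# facilities. Assumption: the module announces each one it enters with an
# "initialize_method: <name>" debug line, as it does for the two seen above.
ENTRY_POINTS = ("pam_sm_authenticate", "pam_sm_setcred", "pam_sm_acct_mgmt",
                "pam_sm_open_session", "pam_sm_close_session")

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: \(pam_krb5\) (?P<msg>.*)$")
ENTER = re.compile(r"^initialize_method: (pam_sm_\w+)$")
RESULT = re.compile(r"^(pam_sm_\w+): result for user `(?P<user>[^']*)': (?P<res>.+)$")

def summarize(log_text):
    """Return {pid: {"entered": [...], "results": {...}, "cleanup": bool}}."""
    out = defaultdict(lambda: {"entered": [], "results": {}, "cleanup": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a pam_krb5 debug line (e.g. sshd's own "Accepted ...")
        rec, msg = out[int(m["pid"])], m["msg"].strip()
        if (e := ENTER.match(msg)):
            rec["entered"].append(e[1])
        elif (r := RESULT.match(msg)):
            rec["results"][r[1]] = r["res"]
        elif msg == "cleanup_state":
            rec["cleanup"] = True
    return dict(out)

def never_entered(summary, pid):
    """Entry points with no 'initialize_method' line for this sshd process."""
    return [ep for ep in ENTRY_POINTS if ep not in summary[pid]["entered"]]

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for pid, rec in s.items():
        print(pid, rec, "not entered:", never_entered(s, pid))
```

Run over the lines in the message, it shows process 301 entering only pam_sm_authenticate and pam_sm_acct_mgmt, both with result Success, before cleanup_state.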