Date: Thu, 5 May 2005 08:49:52 -0600
From: Tillman Hodgson <tillman@seekingfire.com>
To: freebsd-questions@freebsd.org
Subject: Re: Kerberos 5
Message-ID: <20050505144952.GK91867@seekingfire.com>
In-Reply-To: <20050504213330.45410.qmail@web50408.mail.yahoo.com>
References: <20050504213330.45410.qmail@web50408.mail.yahoo.com>

On Wed, May 04, 2005 at 02:33:30PM -0700, Damian Sobieralski wrote:
>
> I have a fairly weird question for the group. I recently set up a
> FreeBSD 5.3 box to use pam_krb5 for sshd authentication. It worked
> great. I created a local workstation user via adduser and when it came
> time for the password based question, I selected no. So when I logged
> in, I typed "klist" and got some verbiage back about my ticket in /tmp.
>
> I rebuilt the box and although I can log into the box, when I type
> klist now I get:
>
> klist: No ticket file: /tmp/krb5cc_0
>
> Or some variation of the ticket file name. It authenticates me okay
> via Kerberos or I couldn't get logged in, but any idea why this might
> happen?

How did you confirm that you were authenticating via Kerberos? Do you
have an environment variable like KRB5CCNAME set anywhere?

Which Kerberos are you talking about? The limited Heimdal in the base
OS, the full Heimdal port or the MIT port? Do you have more than one in
use and are perhaps running into path issues (running a different
program than you think you're running)?

> BTW- I read online that storing tickets like this (in /tmp) is
> potentially a security risk for a server so the thought was to change
> it to home directory tickets like the website recommends.

It depends. In my environment, /home is NFS mounted. This is a Very Bad
Thing for Kerberos tickets. In my case, each computer is basically a
single-user workstation and /tmp actually is safer than /home.

-T

--
"Beauty is not diminished by being shared."
    -- Robert Heinlein
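
The checks asked about in the reply above (KRB5CCNAME, which klist is actually being run, and the state of the ticket file), collected into a small script. This is an added example, not part of the original thread; the function names are hypothetical and the /tmp/krb5cc_<uid> default is assumed from the error message quoted in the question.

```shell
#!/bin/sh
# Added example, not from the original thread; function names are hypothetical.

# Print the cache file klist would look at: KRB5CCNAME if it names a file,
# otherwise the /tmp/krb5cc_<uid> default (assumed from the quoted error).
ccache_path() {
    case "${KRB5CCNAME:-}" in
        "")     printf '/tmp/krb5cc_%s\n' "$(id -u)" ;;
        FILE:*) printf '%s\n' "${KRB5CCNAME#FILE:}" ;;
        /*)     printf '%s\n' "$KRB5CCNAME" ;;
        *)      return 1 ;;   # non-file cache type, nothing to inspect on disk
    esac
}

# Classify a cache file: symlink | missing | wrong-owner | loose-perms | ok
check_ccache() {
    f=$1
    if [ -L "$f" ]; then echo symlink; return 0; fi
    if [ ! -f "$f" ]; then echo missing; return 0; fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    owner=$(ls -ldn "$f" | awk 'NR==1 {print $3}')
    mode=$(ls -ldn "$f" | awk 'NR==1 {print substr($1, 5, 6)}')
    if [ "$owner" != "$(id -u)" ]; then echo wrong-owner; return 0; fi
    # Any group/other permission bit on a ticket cache is too permissive.
    if [ "$mode" = "------" ]; then echo ok; else echo loose-perms; fi
}

# List every klist on PATH in lookup order. More than one line of output means
# base Heimdal and a port may both be installed; the first line is what runs.
find_klists() {
    old_ifs=$IFS; IFS=:
    for d in $PATH; do
        if [ -x "${d:-.}/klist" ]; then printf '%s\n' "${d:-.}/klist"; fi
    done
    IFS=$old_ifs
    return 0
}

# Report for the current login session.
if p=$(ccache_path); then
    echo "cache: $p ($(check_ccache "$p"))"
else
    echo "cache: KRB5CCNAME=$KRB5CCNAME is not a file cache"
fi
find_klists
```

Run it in the same ssh session where klist fails, so it sees the environment that pam_krb5 and sshd actually handed to the shell.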