Date: Tue, 24 Jan 2017 23:45:30 -0800 From: Matt Mullins <mokomull@gmail.com> To: "C. L. Martinez" <carlopmart@gmail.com> Cc: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: SSH with kerberos auth doesn't provide a ticket Message-ID: <CAPyT1SF5UptnxdP=ANxoMhec51w_9L%2B43y2o5hbZrvUwU-o1Qg@mail.gmail.com> In-Reply-To: <20170125072552.wrcbygdm6rbxtkhy@stonehaven.uxdom.org> References: <20170125072552.wrcbygdm6rbxtkhy@stonehaven.uxdom.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 24, 2017 at 11:25 PM, C. L. Martinez <carlopmart@gmail.com> wro= te: > Hi all, > > I have a strange problem with ssh when kerberos auth is used. We have th= ree kerberos servers based on MIT kerberos. I have configured a FreeBSD 11-= RELEASE virtual guest to authenticate against these kerberos servers. Auth = works ok, but ssh doesn't request a kerberos ticket (I am connecting from a= Windows 10 workstation with putty): When you say "auth works ok", I assume that means that PuTTY does not prompt for a password? If it does prompt for a password, you are definitely not using GSSAPI at the ssh-connection layer (even if that password is being checked against a KDC on the ssh server). > I have enabled th following options in sshd_config: > > # Kerberos options > KerberosAuthentication yes You probably don't need that, if you've got mod_krb5.so in your PAM config. This only applies when PasswordAuthentication is negotiated for an SSH session, anyway. > It is strange because this "problem" only appears with FreeBSD, all othe= rs linux doesn't have this problem. > > What am I doing wrong? When you configure your PuTTY connection for your FreeBSD machine, make sure you check the "Allow GSSAPI credential delegation" in Connection -> SSH -> Auth -> GSSAPI. Seems to work for me.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyT1SF5UptnxdP=ANxoMhec51w_9L%2B43y2o5hbZrvUwU-o1Qg>