Hi, I'm trying to get sshd to authenticate users via Kerberos. I want to do this using a forwardable ticket (I get this by doing kinit -f). I have the necessary host/[EMAIL PROTECTED] and rcmd/[EMAIL PROTECTED] entries in the krb5.keytab file in /etc.
I have defined the following (non-standard) options in my sshd_config: RSAAuthentication no PubkeyAuthentication no PasswordAuthentication no ChallengeResponseAuthentication no KerberosAuthentication yes KerberosOrLocalPasswd no KerberosTicketCleanup yes However, when I try and log-in I am prompted with a password prompt, where my Kerberos principle password is rejected (this is correct, I think, since all ChallResponse and PassAuth are disabled). However, I notice the KerberosTgtPassing option, which looks like it does the ticket passing magic-stuff, but it applies only to AFS. Is this correct? Can I not have ticket forwarding for authentication? Thanks very much, -lewiz. -- Earth is a beta site. ------------------------------------------------------------------------ -| msn:[EMAIL PROTECTED] | jab:[EMAIL PROTECTED] | url:http://lewiz.net |-
pgp00000.pgp
Description: PGP signature