I'm trying to get sshd to authenticate users via Kerberos.  I want to
do this using a forwardable ticket (I get this by doing kinit -f).  I
have the necessary host/[EMAIL PROTECTED] and rcmd/[EMAIL PROTECTED] entries in the
krb5.keytab file in /etc.

  I have defined the following (non-standard) options in my sshd_config:

RSAAuthentication no
PubkeyAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes

  However, when I try and log-in I am prompted with a password prompt,
where my Kerberos principle password is rejected (this is correct, I
think, since all ChallResponse and PassAuth are disabled).  However, I
notice the KerberosTgtPassing option, which looks like it does the
ticket passing magic-stuff, but it applies only to AFS.  Is this
correct?  Can I not have ticket forwarding for authentication?

  Thanks very much,


Earth is a beta site.
-| msn:[EMAIL PROTECTED] | jab:[EMAIL PROTECTED] | url:http://lewiz.net |-

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to