On Mon, Sep 8, 2014 at 11:44 AM, Gerardo Padierna <asl.gera...@gmail.com>

>  Hello folks,


I'm setting up an IPA-server instance aimed to be used primarily for
> Linux/Unix clients ssh authentication (with kerberos).
> I've managed to successfully set up debian clients (via sssd and also on
> older debians, through libnss and pam_krb5). But for some reason I can't
> authenticate ssh on Solaris10 clients.
> On the Solaris box, I've followed the steps outiined here:
> http://www.freeipa.org/page/ConfiguringUnixClients
> and the nss part works fine (things like getent [group | passwd] and id
> <user> work), but unfortunaltely, the ssh user authentication fails with an
> error:
> sshd auth.error PAM-KRB5 (auth): krb5_verify_init_creds failed: No such
> file or directory
> On the solaris clients, does there need to be a keytab in /etc/krb5/
> directory copied over from the IPA server?

I have integrated omnios (open solaris derivative) with ipa using these


that info may or may not be useful for solaris 10 as I have zero experiece
with older solaris versions. But in principle, yes, you need a host keytab
to login using kerberos SSO.


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to