Hi, I have downloaded OpenSSH_3.2.2p1 and Kerberos 5.1.2.5 to attempt my chance to use kerberos with ssh on solaris 8. The result is negative. It seems this time, the credential in /tmp is created with a correct name, i.e. krb5cc_(user's UID). But it's still owned by root. As a result, you can only gain access once with your password on Kerberos server (in my case, on domain controller).
I then tried to use pam_krb5 at http://www.sourceforge.net. But I could not get it compiled. When I did "./configure --with-krb5=/usr/local/kerberos", I receive the following error message: checking for krb5_init_context in -lkrb5... no configure: error: libkrb5 not found! Please use --with-krb5 to specify an alternate basedir Jason of UofW has mentioned in his previous email that he has raised a request of fixing pam_krb5 module with Sun engineers. Whoever gets a fix for this, please share it with everyone in the mailing list. Any hints and helps would be appreciated, Suchun ------------------------------------------- From: Steve Langasek <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[EMAIL PROTECTED]> Errors-To: [EMAIL PROTECTED] Date: Thu, 16 May 2002 13:00:22 -0500 On Wed, May 15, 2002 at 08:51:41PM -0400, [EMAIL PROTECTED] wrote: > Do you mean the module called "pam_krb5_migrate"? I'm really anxious to > make it work. I would try it if it works for you. I'm sure I understand > what you said: > "download the pam_krb5 module via cvs". Please give out more detailed > specification. pam_krb5_migrate is a stackable module that only provides (as the name suggests) a migration path to Kerberos -- it does not provide Kerberos authentication services. The module you're looking for is indeed called 'pam_krb5', and should be downloaded from sourceforge using cvs using the commands listed in the original message. If you don't have cvs on your system, perhaps someone else who uses Solaris will be able to tell you where to find it. Steve Langasek postmodern programmer > From: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Errors-To: [EMAIL PROTECTED] > Date: Tue, 14 May 2002 16:41:48 -0400 > > Suchun Wu wrote: > > Yes. I applied the patches posted on openssh web page. I believe Jason's > > comments (after your posting) are correct. He probably has the same > problem. > > I'll apply his patch and let you know the result. > > > > Thanks, > > > > Suchun > > > > Yes this is broken in pam_krb5 from sun, supposedly there is a > preliminary patch being developed for it but... > > go to http://www.sourceforge.net > > go to find the pam project and download the pam_krb5 module via > cvs, (just press enter at the password prompt from the first command) > > > cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/pam login > > cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/pam co > pam_krb5 > > This will download pam_krb5 dir into the current directory. I have had > much better luck with this module. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
