Hello, I am currently making a HP-UX 11i authenticate itself to a Windows 2000 KDC using HP-UX Secure Shell which is the following version (output from swlist):
T1471AA A.03.10.002 HP-UX Secure Shell Now it works very well if I am logging in from a UNIX client where I currently already have my ticket from the W2k KDC (by using kinit before doing my ssh). But if I don't have any tickets (for example using kdestroy before ssh) it simply won't let me log in. During this second attemp to login (without any ticket) I ran a tcpdump port 88 on the server and I didn't see any requests to the KDC. Does anyone know what the problem could be ??? OpenSSH should validate my password with the KDC in case I don't have any tickets but it doesn't do that. If I use for telnet to login to my HP-UX server, enter my login and my password I can see the exchanges with the w2k KDC this works fine. Here is my pam.conf in case: # # PAM configuration # # Authentication management # login auth sufficient /usr/lib/security/libpam_krb5.1 login auth required /usr/lib/security/libpam_unix.1 try_first_pass #login auth required /usr/lib/security/libpam_unix.1 try_first_pass su auth required /usr/lib/security/libpam_unix.1 dtlogin auth required /usr/lib/security/libpam_unix.1 dtaction auth required /usr/lib/security/libpam_unix.1 ftp auth required /usr/lib/security/libpam_unix.1 OTHER auth required /usr/lib/security/libpam_unix.1 # # Account management # login account required /usr/lib/security/libpam_krb5.1 login account required /usr/lib/security/libpam_unix.1 su account required /usr/lib/security/libpam_unix.1 dtlogin account required /usr/lib/security/libpam_unix.1 dtaction account required /usr/lib/security/libpam_unix.1 ftp account required /usr/lib/security/libpam_unix.1 # OTHER account required /usr/lib/security/libpam_unix.1 # # Session management # login session required /usr/lib/security/libpam_krb5.1 login session required /usr/lib/security/libpam_unix.1 dtlogin session required /usr/lib/security/libpam_unix.1 dtaction session required /usr/lib/security/libpam_unix.1 OTHER session required /usr/lib/security/libpam_unix.1 # # Password management # login password required /usr/lib/security/libpam_krb5.1 login password required /usr/lib/security/libpam_unix.1 passwd password required /usr/lib/security/libpam_unix.1 dtlogin password required /usr/lib/security/libpam_unix.1 dtaction password required /usr/lib/security/libpam_unix.1 OTHER password required /usr/lib/security/libpam_unix.1 If you need any more informations, debug output and so please let me know, I will be pleased to post them. Any informations are welcome. Many thanks ! Regards Marc ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
