Quoth [EMAIL PROTECTED] (Patrice Seyed): | I'm running openssh-3.7.1p1, /etc/pam.d/authconfig is syntactically | correct regarding pam_kerb5.so, and /etc/krb5.conf and /etc/krb.conf are a | pristine working config from another linux system. (oh running | 2.4.21-4.0.1.ELsmp also here). | | so kerberos will only work/authenticate properly with this setup when i | uncomment in | /etc/ssh/sshd_config: | KerberosAuthentication yes
Yes. | i think is the mechanism for going around PAM though. Yes. As I understand it, PAM is not Kerberos authentication in the sense that your ssh client uses your local credentials to get a service ticket for the remote sshd. Rather, it is password authentication - your password goes across the wire to the remote sshd - where the Kerberos module acts as a proxy client+server to validate the password. ->I agree that's how it should work, however it doesn't work properly in this version of ssh. The pamd module will not successfully pass the password authentication information to Kerberos. The only information in /var/log/messages regarding this is "incorrect password" even when DEBUG is turned on. -Patrice Donn Cave, [EMAIL PROTECTED] ------------------------------ ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
