The problem I see on uskng pam krb is that ticket is on server not on workstation. Maybe you could use flag addressless to fix this issue. but I am not sure.
LD Le Vendredi 18 Mars 2005 07:10, Wyllys Ingersoll a �crit�: > Douglas E. Engert wrote: > > > I've just run another test and discovered that I can successfully > > > log into the host initially (via PAM kerberos library and SSH), and > > > I don't get error 52. I've got a ticket in my cache and > > > everything. Kerb error 52 only occurs if I'm using kinit from the > > > shell. > > > > You could be right on the cut over point, and maybe addressless vs > > with address tickets keep the ticket just small enough. > > When the client does not do pre-authentication, does AD still > send PAC data? I thought it did not, but I'm not certain. > > -Wyllys > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
