Hi guys, I am trying to setup kerberos authorization using UBUNTU 6.06 DAPPER, and I think I must be missing something simple.
I followed this easy-to-read HOWTO: http://developer.novell.com/wiki/index.php/HOWTO:_Configure_Ubuntu_for_Active_Directory_Authentication I stuck pretty close to what they said, with the minor exception that I did not use LDAP for accounts, but instead used NIS. "getent passwd" returns our password database, so I know that is working. kinit and klist work properly. With kpasswd, I can change my Active Directory password from Linux, so I am guessing that means, my /etc/krb5.conf is correct. What does not work, is logging in with my Active Directory password. So I enabled debugging in PAM, and noticed the following errors when I try to log in: Sep 8 17:25:44 nfsv4c sshd[5103]: pam_krb5: pam_sm_authenticate(ssh rohitm): entry: Sep 8 17:25:45 nfsv4c sshd[5103]: pam_krb5: verify_krb_v5_tgt(): krb5_sname_to_principal(): Cannot determine realm for host Sep 8 17:25:45 nfsv4c sshd[5103]: pam_krb5: pam_sm_authenticate(ssh rohitm): exit: failure Now my realm is set in the krb5.conf file (I just kinit username, and it knows my default realm), so do I have to do something else for pam to understand it? Also is the krb5.keytab file necessary? It looks like I have to run commands against as administrator on active directory to generate this file and if I don't have to do this, I'd rather not! Rohit ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
