Hey Guys!

I've got the quest of kerberising a network and ran into some problems.

I've set up a test network with 2 machines running Red Hat Enterprise
Linux WS release 4 (Nahant Update 4).

The goal is to set up a working KDC and Admin Server and Kerberised SSH, with
single sign-on.

I've managed to set up the KDC and Admin Server, and SSH is also working over
Kerberos, so the only problem right now is single sign-on.

It may be good to mention that user accounts are centralized over NIS (should
be kerberised LDAP in future).

These are the problems I have right now:

If I rlogin on one of the two machines (from a third host), rlogin lets me in
with either the NIS pwd (second pwd prompt, because the first one fails) or the
Kerberos pwd. In both cases, I don't get a TGT.

I've run system-config-authentication and activated Kerberos Authentication,
which has absolutely NO effect on the login process, no matter where and how I
log in.

If I add "auth sufficient pam_krb5.so" in the /etc/pam.d/gdm file, I get a TGT
after the login in Gnome. But this also works if I disable Kerberos
Authentication in system-config-authentication. This was the only approach I
made for single sign-on.

This whole PAM thing seems quite messy to me.

The other thing is that I don't quite get why I have to administrate my
known-hosts files for ssh. Each host has its own principal, so why does SSH
prompt the user in case of changed/unknown HostKeys?

I hope someone can help me out with these things, because they're starting to
drive me crazy!

Best regards
kleinerroemer
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos