Jeff Blaine wrote: > I apologize for the general nature of this post. Maybe it's > better posted to the secureshell list which is loaded with > spam and is often choked up sitting on some server somewhere, > but... > > I can ssh with GSSAPI auth to a Solaris 10 box fine. When > I'm in though, klist says I have no credential cache and > there's nothing useful in /tmp.
What does your /etc/pam.conf look like? We force ssh via PAM to be a session based cred, and get AFS token too: # Used by GSS, but ssh has bug about saving creds, so we use session based creds. sshd-gssapi account requisite pam_roles.so.1 sshd-gssapi account required pam_unix_account.so.1 sshd-gssapi account required /krb5/lib/pam_krb5_ccache.so.1 ccache=/tmp/krb5cc_%u_%p sshd-gssapi session required pam_unix_session.so.1 sshd-gssapi session required /krb5/lib/pam_afs2.so.1 sshd-gssapi session required /krb5/lib/pam_krb5_ccache.so.1 cleaen See: ftp://achilles.ctd.anl.gov/pub/DEE/pam_krb5_ccache-0.1.tar ftp://achilles.ctd.anl.gov/pub/DEE/pam_afs2-0.1.tar > > Has anyone come across this and found an answer? > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
