Well, that would make sense... Looking at the sshd and ssh configurations,
it seems to be enabled on both. Is there some configuration I am missing?
[r...@ipa01 ~]# grep -i GSSAPI /etc/ssh/ssh_config
GSSAPIAuthentication yes
[r...@ipa01 ~]# grep -i GSSAPI /etc/ssh/sshd_config
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
MAT
On 12/15/08 4:45 PM, "Russ Allbery" <[email protected]> wrote:
> Mathew Rowley <[email protected]> writes:
>
>> > I am having a really hard time finding any documentation about PAM
>> > configurations. I want to be able to authenticate an SSH login with a
>> > valid Kerberos ticket. What configurations do I need within the
>> > /etc/pam.d/system-auth file to allow an authentication to succeed with a
>> > valid ticket.
>
> You're having a hard time finding that documentation because those are two
> unrelated things. PAM configuration only affects what one does once one
> has a password in hand. To authenticate with a Kerberos ticket, you need
> both an ssh client and an ssh server that support GSSAPI authentication, a
> keytab for the server, and GSSAPI authentication enabled. PAM is not
> involved.
>
> --
> Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
