Hi all,

We are running Kerberos/LDAP on RHEL 5.2, both server and clients.  We
have found that if we set
  ChallengeResponseAuthentication yes
in sshd_config the result is no TGT ticket is created when a user logs
in by ssh.  This problem is detailed in a Debian bug report here; we
don't see it having ever been fixed in Red Hat
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339734
Setting
  PasswordAuthentication yes
does work, at least in our environment.

If anyone has any further information on this we'd appreciate it.

Cheers,
Steve

On Wed, Nov 11, 2009 at 11:28 PM, Jeffrey Watts
<jeffrey.w.wa...@gmail.com> wrote:
> On Wed, Nov 11, 2009 at 9:46 AM, Javier Palacios <javi...@gmail.com> wrote:
>
< snip >
>
> One quick thing you must look at first, however, is your sshd_config.  The
> stock F11 sshd setup is not compatible with pam_krb5.  The following two
> options must be set:
> ChallengeResponseAuthentication yes
> UsePAM yes
>
> The latter is set by default, but the former is not.  If
> ChallengeResponseAuthentication is disabled, sshd will not use PAM for
> authentication, which means pam_krb5 will never get invoked to handle the
> auth.  You should also enable the two GSSAPI options so that sshd will take
> tickets.
>
< snip >
> Good luck,
> Jeffrey.
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



-- 
Steve Glasser
sgla9...@gmail.com
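
The two messages above report different outcomes for the same sshd options, so it helps to record exactly what a given sshd_config sets before comparing login results. The following is an added example, not code from either poster: it reads a config file and reports the global value of each option named in the thread. The names of the two GSSAPI keywords and the sample configuration are assumptions made for illustration.

```python
import re
import sys

# Keywords named in the thread. The two GSSAPI names are an assumption: the
# quoted reply says "the two GSSAPI options" without naming them.
KEYWORDS = ("UsePAM", "ChallengeResponseAuthentication",
            "PasswordAuthentication", "GSSAPIAuthentication",
            "GSSAPICleanupCredentials")

# Constructed sample input, not a configuration taken from the thread.
SAMPLE = """\
Protocol 2
usepam yes
ChallengeResponseAuthentication no
#PasswordAuthentication yes
GSSAPIAuthentication=yes
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication no
"""

def global_settings(config_text, keywords=KEYWORDS):
    """Map each keyword to the value the global section sets, or None.

    Per sshd_config(5): keywords are case-insensitive, the first value
    obtained for a keyword is the one used, and a Match line ends the
    global section. Include directives are not followed here.
    """
    wanted = {k.lower(): k for k in keywords}
    found = dict.fromkeys(keywords)
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.+)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # conditional blocks are out of scope for this check
        name = wanted.get(key)
        if name and found[name] is None:
            found[name] = value  # later duplicates are ignored by sshd
    return found

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, value in global_settings(text).items():
        print(f"{name:34} {value or '(not set, default applies)'}")
```

Run it with the path to sshd_config as the only argument; a keyword reported as not set takes whatever default that sshd build uses, which differs between distributions.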
