Steve Glasser <[email protected]> writes: > We are running Kerberos/Ldap on RHEL 5.2, both server and clients. We > have found that if we set > ChallengeResponseAuthentication yes > in sshd_conf the result is no TGT ticket is created when a user logs > in by ssh. This problem is detailed in a Debian bug report here; we > don't see it having ever been fixed in redhat > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339734 > Setting > PasswordAuthentication yes > does work, at least in our environment.
Red Hat and Debian use completely different code bases for pam-krb5. That particular bug (ssh running PAM in odd contexts and discarding PAM data) is something that I thought Red Hat's PAM module had its own workaround for using shared memory or some such thing, but since I don't use it, I'm not sure. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
