> I'm trying to configure 3.9 to authenticate against a Kerberos 5
> realm. Kerberos is correctly configured (I can get a ticket via
> kinit). I've created a new user class and assigned krb5-or-pwd
> authentication (relevant portion of login.conf is below). I assigned
> a user to the class and attempted to login as that user. It would
> accept neither the kerberos nor local password (tried both through
> ssh and the local console).
Did you give the wee beastie a host key on your kerberos server?
both ssh and /bin/login will attempt to verify a host key against
the server so that your kerberos server isn't getting spoofed.
For example, one of mine looks like:
# ktutil list
FILE:/etc/kerberosV/krb5.keytab:
Vno Type Principal
1 des-cbc-crc host/[EMAIL PROTECTED]
so you need to (on your kerb server) ensure you
have a host/[EMAIL PROTECTED] key with the corresponding
key in the keytab entry on your client machine
-Bob
