Lars Schimmer <[EMAIL PROTECTED]> wrote: > After some time with krb5 and pam working but with no ticket > forwarding I want to set that up. > Anyone got krb5-ticket forwarding with automatic token generation on > remote debian pc running and has tips for me to set this up?
https://www-s.acm.uiuc.edu/wiki/space/Setting+up+SSH+on+Debian And you want to install libpam-openafs-session and add it to the appropriate PAM config files as well. The ssh-krb5 package should by default always run through the PAM routines, even when using forwarded credentials so that you always get tokens. I can post my PAM configs as well if that is desired, but I basically copied ones I found in various mailing list archive posts, http://mailman.mit.edu/pipermail/kerberos/2004-October/006621.html > And does this work from winxp krb5 to debian krb5, to? What do you mean by "winxp krb5"? I use a GSSAPI modified version of putty (bottom of: http://www.sweb.cz/v_t_m/ ) to connect to my Debian (and Solaris and AIX) machines using Kerberos credentials from the MIT krb5cc. It should work as well from the MS SSPI (might need to run an ms2mit command to pull MS creds into MIT krb5cc first though, depending upon enc_types and other stuff.) <<CDC -- Christopher D. Clausen [EMAIL PROTECTED] SysAdmin _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
