Hello. This is what I have:
ross@coffin /home/ross pts/2 sudo ktutil list
FILE:/etc/krb5.keytab:
Vno Type Principal
5 des-cbc-md5 nfs/coffin.local@LOCAL
5 des-cbc-md4 nfs/coffin.local@LOCAL
5 des-cbc-crc nfs/coffin.local@LOCAL
Hello.
I setup NIS, Kerberos and Kerberized NFS (v3) server.
All the required daemons are running.
/usr/home is exported from the server with sec=krb5i
And there is a client machine. I uncommented these two lines in
/etc/pam.d/system and sshd:
auth sufficient pam_krb5.so
just haven't changed the last line to `required`?
I did try that, but I omitted it due to completely failing behavior.
pam_krb5.so returns failure during pam_setcred() if the user did not
log in with Kerberos credentials, whereas pam_unix.so succeeds as long
as the uid exists (I'm using nss_ldap
10.12.2011 04:22, Matt Mullins wrote:
For my systems, the canonical source of authentication information is
a Kerberos server, but I also want to support old-fashioned Unix
passwords for a handful of users (including myself) just in case the
Kerberos system is unreachable. I'm having a bit
to `required`?
I did try that, but I omitted it due to completely failing behavior.
pam_krb5.so returns failure during pam_setcred() if the user did not
log in with Kerberos credentials, whereas pam_unix.so succeeds as long
as the uid exists (I'm using nss_ldap for that part, so all the uids
do indeed
For my systems, the canonical source of authentication information is
a Kerberos server, but I also want to support old-fashioned Unix
passwords for a handful of users (including myself) just in case the
Kerberos system is unreachable. I'm having a bit of trouble adjusting
to the semantics
I'm running squid on a proxy server for several years and now my boss
wants usage reports organized by users' login names instead of IP
addresses. We're in an Active Directory environment and use Kerberos
authentication. I googled around and used this link:
http://wiki.squid-cache.org
I have multiple systems and jails at my home. I would very much like to
implement a single sign on strategy with kerberos. I think it's safer
than having private keys on every single box. I can easily do this for
ssh user logins to multiple boxes. But I like to sign in as a user
the earlier discussions happened or ports as that seems more
appropriate.
What I have not tried, yet, is using MIT Kerberos from ports instead
of Heimdal, but since we use Heimdal here for everything, I am kind
of reluctant. (Otherwise, I would have to setup some Linux
server...)
This is what I
On Mon, Jan 31, 2011 at 05:43:20PM +0100, Jan Henrik Sylvester
m...@janh.de wrote:
I am struggling with exactly the same problem. Unfortunately, I got
no reply on this list about it:
http://lists.freebsd.org/pipermail/freebsd-questions/2011-January/226495.html
If you get any further,
Hi
I have the pleasure to post again to the FreeBSD list. Once a young
die-hard FreeBSD user I was pressured to make do with Linux for
reasons which I could not challenge. Part of those reasons have been
lifted so I'm considering FreeBSD again.
Googling for the subject keywords gave me quite
-January/226495.html
If you get any further, please, tell me. I am thinking about reposting
my question to a different list: stable as that is where the earlier
discussions happened or ports as that seems more appropriate.
What I have not tried, yet, is using MIT Kerberos from ports instead
the earlier discussions happened or ports as that seems more
appropriate.
What I have not tried, yet, is using MIT Kerberos from ports instead
of Heimdal, but since we use Heimdal here for everything, I am kind
of reluctant. (Otherwise, I would have to setup some Linux
server...)
I looked around
On Thu, Nov 11, 2010 at 04:22:57PM +0100, Joerg Pulz wrote:
On Wed, 10 Nov 2010, Leon Meßner wrote:
Hi,
What i didn't try:
- Use the port.
please take a look at ports/152030 and the patches i mentioned in the PR.
With applied
in the
process of rebuilding gssapi dependent software. Will tell if it fixed
my issue.
Hi,
good to hear that everything went fine for you.
If you're using 8.x you should remove some of the leftover kerberos/gssapi
libraries by yourself as the ObsoleteFiles list is still incomplete in
8.x and 'make
of rebuilding gssapi dependent software. Will tell if it fixed
my issue.
Hi,
good to hear that everything went fine for you.
If you're using 8.x you should remove some of the leftover kerberos/gssapi
libraries by yourself as the ObsoleteFiles list is still incomplete in
8.x and 'make delete-old
anyone know a cvs tag= and
date= combination which lets you build world with Benjamin's patch
(tried RELENG_8 and _8_1 from 24.6 and 19.7 and now)? Actually a
complete base kerberos would be much appreciated.
Hi,
please take a look at ports/152030 and the patches i mentioned in the PR.
With applied
patch
(tried RELENG_8 and _8_1 from 24.6 and 19.7 and now)? Actually a
complete base kerberos would be much appreciated.
best regards,
Leon
Sorry for the necro post..
but the source on mount_smbfs definitely has kerberos options..
http://www.opensource.apple.com/source/smb/smb-431.2/mount_smbfs/mount_smbfs.c
mount_smbfs on OSX seems to have Kerberos support, does mount_smbfs on
FreeBSD support Kerberos?
No, but if it's
Can anyone shed light on this?
I don't want to run kerberos...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
On 2/23/10 8:23 AM, Steven Friedrich wrote:
Can anyone shed light on this?
I don't want to run kerberos...
I think you posted this on the freebsd-ports list, and Gary Jennejohn
provided the following reply, have you tried?
On 2/10/10 11:59 AM, Gary Jennejohn wrote:
Run make config
Hello
My goal is to authenticate my Cyrus Imapd users against Windows 2003
Active Directory with Kerberos. I have the following setup:
Kerberos5 client
===
FreeBSD acsvfbsd06.domain.tld 7.2-RELEASE FreeBSD 7.2-RELEASE
/etc/krb.conf:
[libdefaults]
default_realm = domain.tld
LS,
It seems that KRB5 is not a default implementation within php5.
How can i add KRB5 in php5.
Reg,Danny
pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
If I attempt to login with the correct kerberos credentials I get the
following error:
pam_setcred() failed
Alexey Beketov wrote:
Hello, I'm trying to setup replace AD with samba, already have working
samba+ldap. And stuck with kerberos.
pkg_info:
heimdal-1.0.1
nss_ldap-1.264_1
openldap-client-2.4.13
openldap-server-2.4.13
cat /etc/krb5.conf
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var
Hello, I'm trying to setup replace AD with samba, already have working
samba+ldap. And stuck with kerberos.
pkg_info:
heimdal-1.0.1
nss_ldap-1.264_1
openldap-client-2.4.13
openldap-server-2.4.13
cat /etc/krb5.conf
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
Hello All,
Does anyone know how I can remove the Kerberos 5 installation from FreeBSD?
On Sun, Jan 25, 2009 at 11:06:32AM -0500, Ansar Mohammed wrote:
Hello All,
Does anyone know how I can remove the Kerberos 5 installation from FreeBSD?
Put 'WITHOUT_KERBEROS=true' in /etc/src.conf, and rebuild the system
from source, as documented in the Handbook.
Roland
--
R.F.Smith
On Sunday 25 January 2009 2:25:55 pm Roland Smith wrote:
On Sun, Jan 25, 2009 at 11:06:32AM -0500, Ansar Mohammed wrote:
Hello All,
Does anyone know how I can remove the Kerberos 5 installation from
FreeBSD?
Put 'WITHOUT_KERBEROS=true' in /etc/src.conf, and rebuild the system
from
the Kerberos 5 installation from
FreeBSD?
Put 'WITHOUT_KERBEROS=true' in /etc/src.conf, and rebuild the system
from source, as documented in the Handbook.
Roland
Speaking of which ... is there an examples/src.conf file hidden somewhere
in 7.0-REL or do I have to create my own from scratch
On Sun, Jan 25, 2009 at 03:05:37PM -0200, Gonzalo Nemmi wrote:
On Sunday 25 January 2009 2:25:55 pm Roland Smith wrote:
On Sun, Jan 25, 2009 at 11:06:32AM -0500, Ansar Mohammed wrote:
Hello All,
Does anyone know how I can remove the Kerberos 5 installation from
FreeBSD?
Put
remove the Kerberos 5 installation from
FreeBSD?
Put 'WITHOUT_KERBEROS=true' in /etc/src.conf, and rebuild the system
from source, as documented in the Handbook.
Speaking of which ... is there an examples/src.conf file hidden somewhere
in 7.0-REL or do I have to create my own from
come in handy :)
You can base all switches on /usr/share/mk/bsd.own.mk for easy typing and use
similar logic in your src.conf:
OFF=ZFS SENDMAIL KERBEROS
.for var in ${OFF}
WITHOUT_${var}=yes
.endfor
Also, bsd.own.mk can be ahead of the man page.
--
Mel
Problem with today's modular software
, but I still think
that having such a file available does come in handy :)
You can base all switches on /usr/share/mk/bsd.own.mk for easy typing and
use similar logic in your src.conf:
OFF=ZFS SENDMAIL KERBEROS
.for var in ${OFF}
WITHOUT_${var}=yes
.endfor
Also, bsd.own.mk can be ahead
... bsd.own.mk can be ahead of the man page.
Perhaps the OP would consider writing a sed script to generate
/usr/share/examples/etc/src.conf from /usr/share/mk/bsd.own.mk
mount_smbfs on OSX seems to have Kerberos support, does mount_smbfs on
FreeBSD support Kerberos?
Ansar Mohammed [EMAIL PROTECTED] wrote:
Any reason why the port of HEIMDAL is at 0.6.3 (2004) in FreeBSD 7.0 when we
have 1.0 available?
On 7.0-RELEASE:
% cat /usr/ports/security/heimdal/Makefile | grep PORTVERSION
PORTVERSION=1.0.1
--
Sahil Tandon [EMAIL PROTECTED]
-
[EMAIL PROTECTED] On Behalf Of Sahil Tandon
Sent: November 16, 2008 11:10 PM
To: freebsd-questions@freebsd.org
Subject: Re: Kerberos in FreeBSD
Ansar Mohammed [EMAIL PROTECTED] wrote:
Any reason why the port of HEIMDAL is at 0.6.3 (2004) in FreeBSD 7.0
when we
have 1.0 available
Any reason why the port of HEIMDAL is at 0.6.3 (2004) in FreeBSD 7.0 when we
have 1.0 available?
On Mon, 2008-11-10 at 07:18 -0500, Ansar Mohammed wrote:
Does anyone know what is the actual purpose of the Kerberos krb5.keytab
file?
I have a freebsd 7 configured to authenticate users via Kerberos (both
apache and ssh).
Although the authentication between apache and browser
On Monday 10 November 2008 13:53:41 Da Rock wrote:
Check the kerberos site for further, more accurate info, and run a
google search for browser kerberos auth with apache. You do need the
right module for apache to achieve this though- mod_auth_kerb. Some only
offer a link between apache
Is sshd compiled with Kerberos support on freebsd 7.0?
Does anyone know what is the actual purpose of the Kerberos krb5.keytab
file?
I have a freebsd 7 configured to authenticate users via Kerberos (both
apache and ssh).
Although the authentication between apache and browser is still basic and
between the ssh client and server is still
Ansar Mohammed wrote:
Is sshd compiled with Kerberos support on freebsd 7.0?
Yup:
ldd /usr/sbin/sshd:
...
libgssapi.so.9 = /usr/lib/libgssapi.so.9 (0x28124000)
libkrb5.so.9 = /usr/lib/libkrb5.so.9 (0x2812b000)
...
Otherwise, you should be able to use PAM, with /etc/pam.d
On Mon, 2008-11-10 at 14:17 +0100, Mel wrote:
On Monday 10 November 2008 13:53:41 Da Rock wrote:
Check the kerberos site for further, more accurate info, and run a
google search for browser kerberos auth with apache. You do need the
right module for apache to achieve this though
I'm setting up a centralized Kerberos/LDAP authentication system and
trying to get sudo to use a) Kerberos for the password, and b) LDAP for
a non-local user's group.
Locally on a client system /etc/sudoers specifies %sysadmin to be able
to sudo to root. I don't need to move sudoers to LDAP
Da Rock wrote:
This may be a stupid question, and/or a chicken and egg conundrum:
Is it possible to use kerberos in authentication with an ntp server?
Here is my reasoning for this (and please correct any wrong assumptions
I have here): In the handbook regarding kerberos (and nearly every
On Thu, 2008-09-18 at 08:28 +0100, Matthew Seaman wrote:
Da Rock wrote:
This may be a stupid question, and/or a chicken and egg conundrum:
Is it possible to use kerberos in authentication with an ntp server?
Here is my reasoning for this (and please correct any wrong assumptions
I
This may be a stupid question, and/or a chicken and egg conundrum:
Is it possible to use kerberos in authentication with an ntp server?
Here is my reasoning for this (and please correct any wrong assumptions
I have here): In the handbook regarding kerberos (and nearly every other
reliable source
to sftp(1)
KERBEROS=on Enable kerberos (autodetection)
SUID_SSH=off Enable suid SSH (Recommended off)
GSSAPI=on Enable GSSAPI support (req: KERBEROS)
KERB_GSSAPI=on Enable Kerberos/GSSAPI patch (req: GSSAPI)
OPENSSH_CHROOT=off Enable CHROOT support
OPENSC=off Enable
Hi all,
I am trying to build 'openssh-portable' from ports (security/openssh-portable/)
with the following configuration options:
PAM=on Enable pam(3) support
TCP_WRAPPERS=on Enable tcp_wrappers support
LIBEDIT=on Enable readline support to sftp(1)
KERBEROS=on Enable
Hi group,
I try to figure out which options I should pass to mount_nfs when I want
to use Kerberos authentication instead of the classic sys permission.
In some online man pages of V4 I find an option -K, I can't find
anything like this on my 6
://www.royhooper.ca/blog/articles/2007/07/07/installing-the-darwin-calendar-server-on-freebsd)
which were quite reasonable, and which I finally worked out (see freebsd-ports
list). But it won't start. It loops saying that kerberos is not supported.
According to the instructions, kerberos needs
have most of the machines here doing ssh authentication via kerberos
against a heimdal KDC running openbsd 4.2-release. the freebsd 7.0beta4
host i recently installed will not allow machines to ssh into it using
kerberos credentials but it (freebsd host) does successfully get and use
tickets
On Mon, 2007-12-31 at 14:07 -0600, Jacob Yocom-Piatt wrote:
have most of the machines here doing ssh authentication via kerberos
against a heimdal KDC running openbsd 4.2-release.
I have a similar setup here with an OpenBSD 4.2 KDC and a FreeBSD
7.0-BETA2 machine and I remember it being
Good afternoon everyone,
I'm trying to setup a testbed here for a Kerberos server so that XP clients
can authenticate. I have been following the handbook for the server
configuration and a few other sources for configuring XP as the client. So
far I have had good success as I can see
at the end I exported it from the kdc and copied it by hand in
/etc/krb5.keytab on my client FreeBSD box, but I do not know
if in this way it will work.
anyway now I have another problem.
I am not able to configure ssh to login via kerberos.
I tried everything
KerberosAuthentication yes
to
keep everything off the network.
anyway now I have another problem.
I am not able to configure ssh to login via kerberos.
I tried everything
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
Kerberos* is, counterintuitively, not what you want. Google
Hello,
I would like to use FreeBSD as a login box using krb5 authentication
and ldap authorization.
The KDC kerberos server is another machine as well as the LDAP server,
this freebsd box is a kerberos and ldap client.
Anyone could give me some good hint on how to configure the FreeBSD box
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-freebsd-
[EMAIL PROTECTED] On Behalf Of RJ45
Sent: Tuesday, March 06, 2007 9:08 AM
To: freebsd-questions@freebsd.org
Subject: Kerberos authenticatino and ldap authorization
Hello,
I would like to use FreeBSD as a login
On Tue, Mar 06, 2007 at 10:07:57AM -0700, RJ45 wrote:
for example I would like to install MIT krb5 implementation from ports
instead of using Heimdal default this because the kerberos server
on my network is a MIT server and I can't use kadmin on FreeBSD
to administer the kerberos server
I found that kerberos5 had been deleted from my system and NO_KERBEROS=TRUE was
in my make.conf file.
Kerberos was originally installed on this system.
pkg_info |grep crypt
shows:
libdvdcss-1.2.9._2
libgcrypt-1.2.3_1
are installed
can I safely reinstall kerberos by using make in /usr/src
dependency yes fails with message
heimdal -0.7.2_2 conflicts with installed package kbr5-1.5.1_1
It seems that I have a conflict with kerberos and heimdal.
Can anyone tell me how to trace the problem and deal with it?
Thanks
David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Vizion
Sent: Friday, December 29, 2006 7:56 AM
To: freebsd-questions@freebsd.org
Subject: Kerberos/Heimdal/samba-libsmbclient
I have a conflict regarding samba-libsmbclient-3.0.23d which
I am having trouble getting Samba 3 to compile with ADS support and I have
narrowed the problem down to Kerberos. I have been told previously to NOT
install the security/krb5 port when installing Samba 3 with ADS support, but
I had already done that. After removing the security/krb5 port
On 12/12/06, Timothy Radigan [EMAIL PROTECTED] wrote:
I am having trouble getting Samba 3 to compile with ADS support and I have
narrowed the problem down to Kerberos. I have been told previously to NOT
install the security/krb5 port when installing Samba 3 with ADS support,
but
I had already
Scott Peshak wrote:
On 8/4/06, Garrett Cooper [EMAIL PROTECTED] wrote:
Hi all,
Just wondering if it's possible for NIS and Kerberos 5 to work in
tandem with one another, such that NIS would handle groups and
configuration file management
On 8/4/06, Garrett Cooper [EMAIL PROTECTED] wrote:
Hi all,
Just wondering if it's possible for NIS and Kerberos 5 to work in
tandem with one another, such that NIS would handle groups and
configuration file management and Kerberos would handle authentication
only. Also
Hi all,
Just wondering if it's possible for NIS and Kerberos 5 to work in
tandem with one another, such that NIS would handle groups and
configuration file management and Kerberos would handle authentication
only. Also, is this sort of overkill perhaps, where NIS is not really
needed?
I
Hello,
I am using a freeBSD 5.4. and am trying to authenticate using
pam_krb5.so against an OS X server REALM.
I have couple of problems that seems a bit tough to handle for a
novice of kerberos as I am.
For the picture here is my config :
---
- A KDC
Hi,
I'm trying to setup a Kerberos realm, on a 5.4-STABLE box using the
base heimdal version.
I have successfully created the database and I can get a ticket using
kinit.
Now I'm trying to setup the ssh service so that it authenticates to
the kerberos server, and so that it saves the ticket
format:
auth required pam_krb5.so no_warn try_first_pass ccache=FILE:/tmp/krb5_%u
Furthermore, do not test logging in with a user that has both a local account
and a kerberos principal -- it may confuse you :-/
For the record here is the /etc/pam.d/sshd that I
Hi, all!
There is simple Kerberos question.
We have w2k3 PDC here and want to setup one machine
(machine.domain.com) to interoperate with it.
Samba's net ads join works.
kinit works.
but telnet to machine.domain.com from the same machine fails with the
following debug:
[ Trying mutual KERBEROS5
Hi,
Can anyone tell me the different between Kerberos and FreeRadius?
Please suggest me a link where I can learn more information. Thanks in
advance.
Jeff
Hello,
First off, I'll admit up front that PAM makes no sense to me whatever.
So, maybe the answer is in my PAM config.
I have a 5.3 system running in a Kerberos 5 environment. I have
configured ssh to authenticate against Kerberos just fine. And ksu
works just right too. But sudo, I can
on both boxes. PuTTY patched with Kerberos support
works fine as a client to both boxes (and obviously has no problems with
the KDC). Each box can negotiate a login to itself. However neither can
talk to the other.
I first recompiled the stock RedHat OpenSSH with the gss tag change to
allow
Denis Lemire wrote:
I would like to setup Heimdal Kerberos and use OpenLDAP to store its database.
To my knowledge the kerberos installation in the base of FreeBSD 5.4
does not support LDAP. I could install from ports but then I end up
with two kerberos installations which is sure to give me
Help please! I can't make my lab to university =(
P subj.
P I must setting up PDC: unix server and win-clients. But samba not
P compiling =(
P Samba 3.0.14a (and trying with 3.0.13)
P krb5-1.3.4_2
P openldap-2.2.15 with sasl
P uname -a
P FreeBSD freebsd53.localdomain 5.3-RELEASE FreeBSD
Hello freebsd-questions,
subj.
I must setting up PDC: unix server and win-clients. But samba not
compiling =(
Samba 3.0.14a (and trying with 3.0.13)
krb5-1.3.4_2
openldap-2.2.15 with sasl
uname -a
FreeBSD freebsd53.localdomain 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5
04:19:18 UTC 2004
I would like to setup Heimdal Kerberos and use OpenLDAP to store its database.
To my knowledge the kerberos installation in the base of FreeBSD 5.4
does not support LDAP. I could install from ports but then I end up
with two kerberos installations which is sure to give me a headache
somewhere
Hi,
I'm trying to configure a kerberos realm, and I have
already installed heimdal on one FreeBSD5.4 machine
and was able to run KDC daemon. I can already acquire
a TGT and was about to test it using telnet.
First, after acquiring a ticket granting ticket, I
launched telnet on another machine
On Mon, May 09, 2005 at 05:44:23PM -0700, Damian Sobieralski wrote:
Look into the GSSAPI options for /etc/ssh/ssh_config instead.
Newer OpenSSH versions support Kerberos natively and
don't need PAM hacks.
Thanks Tillman! I was using PAM only based on someone's
recommendation. As I've
Anyone?
Message: 20
Date: Thu, 5 May 2005 15:26:11 -0700 (PDT)
From: Damian Sobieralski [EMAIL PROTECTED]
Subject: Re: Kerberos
To: freebsd-questions@freebsd.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
PAM does not map well to Kerberos, unfortunately
On Mon, May 09, 2005 at 08:53:21AM -0700, Damian Sobieralski wrote:
PAM does not map well to Kerberos, unfortunately. Generally speaking
you want to avoid PAM with Kerberos if you can possibly use native
Kerberos
:-)
It seems my ignorance is kicking in here- how would they log
. It authenticates me okay
via Kerberos or I couldn't get logged in, but any idea why this might
happen?
How did you confirm that you were authenticating via Kerberos?
Do you have an environment variable like KRB5CCNAME set anywhere?
Which Kerberos are you talking about? The limited Heimdal
How did you confirm that you were authenticating via Kerberos?
ESP? :) You're right, I don't KNOW that. But if I didn't set a
password when I created the user, how else would it be authenticating?
Here's my /etc/pam.d/sshd file:
# auth
auth required pam_nologin.so
Followup up:
If AFTER I log in, I issue kinit and type my password in. Now when I
do a klist I get ticket information. Shouldn't the pam module do this
automatically (call kinit)?
If anyone can educate me in kerberos, I'd appreciate
On Thu, May 05, 2005 at 10:11:30AM -0700, Damian Sobieralski wrote:
Followup up:
If AFTER I log in, I issue kinit and type my password in. Now when I
do a klist I get ticket information. Shouldn't the pam module do this
automatically (call kinit)?
PAM does not map well to Kerberos
PAM does not map well to Kerberos, unfortunately. Generally speaking
you want to avoid PAM with Kerberos if you can possibly use native
Kerberos
:-)
It seems my ignorance is kicking in here- how would they log into the
machine first, to issue kinit/native if I don't use PAM to get them
I found another person having this problem. No replies though :(
http://groups-beta.google.com/group/lucky.freebsd.questions/browse_thread/thread/955323f07570f076/1bf8bf734758fc92?rnum=16#1bf8bf734758fc92
I have a fairly weird question for the group. I recently set up a
FreeBSD 5.3 box to use pam_krb5 for sshd authentication. It worked
great. I created a local workstation user via adduser and when it came
time for the password based question, I selected no. So when I logged
in, I typed klist
option..
Or is it better do do a rebuild with kerberos and if so, which version?
--
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja
Hi *,
I got stuck for several hours with configuring SSH authentication via Kerberos. I tested the same configuration on Linux and there was no problem.
I suspect pam_krb5.so.
My requisites:
FreeBSD 5.3-RELEASE-p5
Kerberos coming with base system (heimdal implementation (Heimdal 0.6.1
Hi,
I'm currently battling with kerberos, and am having a bit of a problem
authenticating. It is most likely an error on my part, the whole process
of what is involved in kerberos and how it works is yet to click in my
head.
I followed the handbook guide to setting it up, and it all seems
not do a kinit (or do a kdestroy before hand) I get -
kerberos V5: mk_req (No Such File or direcotry).
Any ideas?
That sounds like it's working normally. Without a valid ticket (as shown
by `klist`), which is cached in a file, services like telnet which use
Kerberos won't authenticate you
. If I have done a kinit previously, it will log in no problem,
but if I do not do a kinit (or do a kdestroy before hand) I get -
kerberos V5: mk_req (No Such File or direcotry).
Any ideas?
That sounds like it's working normally. Without a valid ticket (as shown
by `klist`), which
On Sun, Mar 13, 2005 at 05:30:09PM -, [EMAIL PROTECTED] wrote:
what I was assuming would happen when I try to telnet in without a ticket
(i.e. with running kinit) was that I would get asked for a
username/password, and then I would get issued a ticket, rather than
manually having to kinit
I have the SSHD PAM setup to use Kerberos the way I do under FreeBSD
4.x. When I SSH into the box I
authenticate fine the KDC issues a ticket for me but the credentials
cache does not get created. Clues?
--geeb
/etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm
1 - 100 of 143 matches