Hi.
I trying to setup ssh+pam_krb5 for authentication and establishment of
credential cache on FreeBSD 6.3 against MIT kerberos. Everything is ok with
authentication, but not with establishment of credential cache by pam_krb5.
I tried different combinations of modules in /etc/pam.d/sshd starting from
default /usr/src/etc/pam.d/sshd with uncommented pam_krb5.so. Also tried to
use "UsePrivilegeSeparation no" in /etc/ssh/sshd_config.
In kdc log file I see during user login:
Nov 24 15:22:34 kdchost krb5kdc[20876]: AS_REQ (2 etypes {1 16}) 10.34.22.15:
ISSUE: authtime 1227536554, etypes {rep=1 tkt=16 ses=1}, [EMAIL PROTECTED] for
krbtgt/[EMAIL PROTECTED]
Nov 24 15:22:34 kdchost krb5kdc[20876]: TGS_REQ (2 etypes {1 16})
10.34.22.15: ISSUE: authtime 1227536554, etypes {rep=1 tkt=16 ses=1},
[EMAIL PROTECTED] for host/[EMAIL PROTECTED]
After user login there are no ccache files in usual location /tmp/krb5cc_uid
and KRB5CCNAME is not set. But user can establish ccache manually using
/usr/bin/kinit.
Search on freebsd lists gave threads with discussion of above problem dated
up to 2003 without any suggestion how to resolve it.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
