I can attest to issues with a multi-homed host; I had one with a
Kerberos server. I would have traffic
come in on one IP but respond back on another IP, which broke all
transactions from client and server,
so it wouldn't surprise me if the reverse is true and you will
I am running the following configuration:
Kerberos 1.4.0
Solaris 9
/usr/lib/ssh/sshd, /usr/bin/ssh
/usr/lib/security/pam_krb5.so.1
My /etc/pam.conf for sshd is:
sshd auth sufficient pam_krb5.so.1 try_first_pass
sshd auth required pam_unix.so.1
I've even included the
If you're doing a build to put onto multiple Solaris 9 systems, be sure to
install the GNU lib package with each install, unless you want the full
gcc package on each of your systems.
Steve
Wyllys Ingersoll wrote:
Set your LD_LIBRARY_PATH environment variable to include /usr/local/lib
Ex:
If you are using the /usr/lib/security/pam_krb5.so.1 module, then you
have to place a copy or a link of the krb5.conf into the /etc/krb5
directory; that is where the Solaris 9 PAM module looks for the krb5.conf
file!
Steve
Daniel Wachdorf wrote:
I am trying to setup pam (with su for
Sorry, missed your reference to /etc/krb5/krb5.keytab
I can't tell from your email if you are using SEAM or MIT Kerberos, but this
I know holds true for the MIT Kerberos 1.4...
Get a copy of the keytab file from the master and place it accordingly...
MIT Kerberos 1.4 is
Configuration:
MIT Kerberos 1.4
Solaris 9 Master
Solaris 9, MAC OSX, PC Clients
/usr/lib/ssh/sshd daemon using pam_krb5.so.1
Pre-Auth enabled
Issue:
MAC and PC clients using ssh authenticate successfully against Solaris 9
servers and Kerberos system.
ssh -l username hostA
username@hostA
was originally created and thus the keytab
has the data necessary for decryption.
Steve
scanell wrote:
Configuration:
MIT Kerberos 1.4
Solaris 9 Master
Solaris 9, MAC OSX, PC Clients
/usr/lib/ssh/sshd daemon using pam_krb5.so.1
Pre-Auth enabled
Issue:
MAC and PC clients using ssh authenticate
UG 1 52689
127.0.0.1 127.0.0.1 UH 813527529 lo0
I performed a kpasswd on ibsscanell with the following results:
[ibsscanell:~] scanell% kpasswd scanell
Please enter the old password for [EMAIL PROTECTED]:
Please enter the new password for [EMAIL
Thank you Tom
Now... how do I use 1.4 kprop and kpropd without DNS for
authentication
Long story, but I prefer to not address DNS because I am creating a
private environment.
When I run kprop, just after accessing resolv.conf, I am told that the
server in question
is not in the