krb5 login help

2006-10-24 Thread Donald J. Ankney
I've been searching mailing lists, man pages, and google with no good results, so I'm here to ask for a little nudge in the right direction. I'm trying to configure 3.9 to authenticate against a Kerberos 5 realm. Kerberos is correctly configured (I can get a ticket via kinit). I've created

Re: krb5 login help

2006-10-24 Thread Chris Kuethe
On 10/24/06, Donald J. Ankney [EMAIL PROTECTED] wrote: I've been searching mailing lists, man pages, and google with no good results, so I'm here to ask for a little nudge in the right direction. Did you turn on kerberos in sshd_config? -- GDB has a 'break' feature; why doesn't it have 'fix'

Re: krb5 login help

2006-10-24 Thread Ryan Corder
On Tue, 2006-10-24 at 09:22 -0700, Donald J. Ankney wrote: I assume I'm missing a step here, but can't find any documentation or hints as to what that might be. I'd appreciate any links or suggestions on man pages that I should read. what does your logs say? is your Kerberos server in DNS?

Re: krb5 login help

2006-10-24 Thread Bob Beck
I'm trying to configure 3.9 to authenticate against a Kerberos 5 realm. Kerberos is correctly configured (I can get a ticket via kinit). I've created a new user class and assigned krb5-or-pwd authentication (relevant portion of login.conf is below). I assigned a user to the class and

Re: krb5 login help

2006-10-24 Thread Donald J. Ankney
On Oct 24, 2006, at 12:29 PM, Bob Beck wrote: Did you give the wee beastie a host key on your kerberos server? both ssh and /bin/login will attempt to verify a host key against the server so that your kerberos server isn't getting spoofed. I think this is the place where I'm running

Re: krb5 login help

2006-10-24 Thread Jacob Yocom-Piatt
Original message Date: Tue, 24 Oct 2006 13:28:20 -0700 From: Donald J. Ankney [EMAIL PROTECTED] Subject: Re: krb5 login help To: Bob Beck [EMAIL PROTECTED] Cc: misc@openbsd.org On Oct 24, 2006, at 12:29 PM, Bob Beck wrote: Did you give the wee beastie a host key on your

Re: krb5 login help

2006-10-24 Thread Jacob Yocom-Piatt
Original message Date: Tue, 24 Oct 2006 15:50:58 -0500 (CDT) From: Jacob Yocom-Piatt [EMAIL PROTECTED] Subject: Re: krb5 login help To: misc@openbsd.org The next problem is that I don't control the server (I'm trying to authenticate my departmental server against the university

Re: krb5 login help

2006-10-24 Thread Bob Beck
The kerberos server admins have to add you a host key, they then give you that key and you put it in a keytab file on your client. I.e. they a kadmin addprinc -pw somepassword host/[EMAIL PROTECTED] and give you the result to put in a keytab file. Doing this ensures you can ask