pam_krb5 problems
Harti Brandt
hartmut.brandt at dlr.de
Wed Aug 30 14:03:47 UTC 2006
Hi all,
has anyone successfully configured pam_krb5? It seems that the ticket
verification that is in the code does not work as intended: I have a host
key in my keytab, but reading it for verification fails, because pam_krb5
constructs the principal name host/opkndn_beagle at INTRA.DLR.DE while the
keytab contains just opkndn_beagle at INTRA.DLR.DE. When I try to add the
host/... principal to the keytab, kinit -k doesn't work anymore.
Another problem is finding the realm for the host. I have to explicitely
add the mapping for the host to the realm to krb5.conf. I have a _kerberos
TXT record in DNS, but the library fails to DNS-search for _kerberos or
_kerberos.kn.op.dlr.de, but searches for _kerberos.opkndn_beagle.. (note
the '.' at the end) which seem just wrong.
What do I wrong here?
harti
More information about the freebsd-hackers
mailing list