FreeBSD 5.3: Kerberos and SSH
Mark A Gebert
geeb at thugsrus.org
Sun Jan 23 09:33:18 PST 2005
I have the SSHD PAM set up to use Kerberos the way I do under FreeBSD 4.x. When I SSH into the box I authenticate fine, the KDC issues a ticket for me, but the credentials cache does not get created. Clues?
--geeb
/etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#
# auth
auth sufficient pam_krb5.so debug try_first_pass ccache=SAFE
#auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_permit.so
# password
password sufficient pam_krb5.so no_warn try_first_pass
#password required pam_unix.so no_warn try_first_pass
% ssh tigger
Password:
FreeBSD 5.3-RELEASE (GENERIC) #0: Fri Nov 5 04:19:18 UTC 2004
Welcome to FreeBSD!
> klist
klist: No ticket file: /tmp/krb5cc_4465
5kdc log
Jan 23 12:29:12 lart.thugsrus.net krb5kdc[252](info): AS_REQ (1 etypes {1}) 66.93.3.118: ISSUE: authtime 1106501352, etypes {rep=1 tkt=1 ses=1}, geeb at THUGSRUS.NET for krbtgt/THUGSRUS.NET at THUGSRUS.NET
Jan 23 12:29:12 lart.thugsrus.net krb5kdc[252](info): TGS_REQ (1 etypes {1}) 66.93.3.118: ISSUE: authtime 1106501352, etypes {rep=1 tkt=1 ses=1}, geeb at THUGSRUS.NET for host/tigger.thugsrus.net at THUGSRUS.NET