Openssh + pam_krb5 doesn't establish credential cache.
Viktar Sakovich
atlantos at gmail.com
Mon Nov 24 21:40:46 PST 2008
Hi.
I am trying to set up ssh+pam_krb5 for authentication and establishment of
a credential cache on FreeBSD 6.3 against MIT Kerberos. Everything is OK with
authentication, but not with establishment of the credential cache by pam_krb5.
I tried different combinations of modules in /etc/pam.d/sshd, starting from
the default /usr/src/etc/pam.d/sshd with pam_krb5.so uncommented. I also tried
to use "UsePrivilegeSeparation no" in /etc/ssh/sshd_config.
In the KDC log file I see the following during user login:
Nov 24 15:22:34 kdchost krb5kdc[20876]: AS_REQ (2 etypes {1 16}) 10.34.22.15:
ISSUE: authtime 1227536554, etypes {rep=1 tkt=16 ses=1}, user at REALM for
krbtgt/REALM at REALM
Nov 24 15:22:34 kdchost krb5kdc[20876]: TGS_REQ (2 etypes {1 16})
10.34.22.15: ISSUE: authtime 1227536554, etypes {rep=1 tkt=16 ses=1},
user at REALM for host/bsdhost at REALM
After user login there are no ccache files in the usual location /tmp/krb5cc_uid
and KRB5CCNAME is not set. But the user can establish a ccache manually using
/usr/bin/kinit.
A search of the FreeBSD lists turned up threads discussing the above problem,
dated up to 2003, without any suggestion of how to resolve it.