Kerberos / sshd
Lewis Thompson
purple at lewiz.info
Sun Jul 27 09:09:58 PDT 2003
Hi,
I'm trying to get sshd to authenticate users via Kerberos. I want to
do this using a forwardable ticket (I get this by doing kinit -f). I
have the necessary host/fqdn at REALM and rcmd/fqdn at REALM entries in the
krb5.keytab file in /etc.
I have defined the following (non-standard) options in my sshd_config:
RSAAuthentication no
PubkeyAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes
However, when I try and log-in I am prompted with a password prompt,
where my Kerberos principle password is rejected (this is correct, I
think, since all ChallResponse and PassAuth are disabled). However, I
notice the KerberosTgtPassing option, which looks like it does the
ticket passing magic-stuff, but it applies only to AFS. Is this
correct? Can I not have ticket forwarding for authentication?
Thanks very much,
-lewiz.
--
Earth is a beta site.
------------------------------------------------------------------------
-| msn:purple at lewiz.net | jab:lewiz at jabber.org | url:http://lewiz.net |-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030727/aac1d586/attachment.bin
More information about the freebsd-questions
mailing list