kerberos problems

martinmcc at orbweavers.co.uk martinmcc at orbweavers.co.uk
Sun Mar 13 08:25:51 PST 2005


> On Sun, Mar 13, 2005 at 03:38:46PM -0000, martinmcc at orbweavers.co.uk
> wrote:
>>    I followed the handbook guide to setting it up, and it all seems to
>> be
>> working ok. I have now setup telnetd as described to test how it is
>> working. If I have done a kinit previously, it will log in no problem,
>> but if I do not do a kinit (or do a kdestroy before hand) I get -
>>
>> kerberos V5: mk_req (No Such File or direcotry).
>>
>>    Any ideas?
>
> That sounds like it's working normally. Without a valid ticket (as shown
> by `klist`), which is cached in a file, services like telent which use
> Kerberos won't authenticate you.
>
> If I'm misunderstanding the problem you're describing, please add some
> more detail as to what you expected to have happen and how reality
> differed :-)
>
Yeah, it could well be the way it is supposed to work. Basically I want to
end up with a centralised login system for my network (i.e. no need to
create usernames on each client). I am planning to use ldap for this, and
as I understand it ldap can use kerberos for the authentication aspect. So
I am atm trying to make sure I have a good understanding of the kerberos
system and have it up and running before I tackle the next part.

what I was assuming would happen when I try to telnet in without a ticket
(i.e. with running kinit) was that I would get asked for a
username/password, and then I would get issued a ticket, rather than
manually having to kinit first.

How would this affect using pam to authenticate i.e. if I want to use
pam_krb to login to the console, I would not be able to run kinit before
hand?

[Apologies for sending this to you twice tillman , need to be more careful
with the reply to button :)]

Cheers,
Martin


More information about the freebsd-questions mailing list