Kerberos 5
Damian Sobieralski
dsobiera at yahoo.com
Thu May 5 09:15:32 PDT 2005
> How did you confirm that you were authenticating via Kerberos?
ESP? :) You're right, I don't KNOW that. But if I didn't set a
password when I created the user, how else would it be authenticating?
Here's my /etc/pam.d/sshd file:
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_krb5.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_login_access.so
account required pam_unix.so
# session
session required pam_permit.so
# password
password required pam_unix.so no_warn try_first_pass
> Do you have an environment variable like KRB5CCNAME set anywhere?
I didn't set one so I don't think so.
> Which Kerberos are you talking about?
Another good question. Whatever Kerberos that comes as the default in
FreeBSD 5.3-RELEASE. I didn't install any ports at first. I'm using
whatever came as stock as a pam module in /usr/lib/pam_krb5. klist
also seemed installed already without any ports being added. After I
wasn't getting any ticket from klist, I installed krb5 from
/usr/ports/security/krb5 after doing a cvsup on my ports. Same result.
> use and are perhaps running into path issues (running a different
> program than you think you're running)?
Always possible. As I said, pam_krb5 was already there after my base
install.
I found it weird that pam_krb5 was already there. Is this normal?
All I did to "enable" what I thought/think was Kerberos authentication
for sshd was to set up the /etc/pam.d/sshd file like I stated above and
create a /etc/krb5.conf file. Needless to say, I'm very new to
Kerberos and will take any advice happily.
- Damian
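
Added example (not part of the original message): a small Python model of how the auth lines of the stack quoted above resolve, reporting which module decides the login for a given set of per-module results. The control-flag handling is a simplified model of required/requisite/sufficient semantics, and the per-module outcomes are constructed inputs, not results from the poster's system.

```python
# Added example: simplified model of PAM control flags for the "auth" stack
# quoted in the message. Module outcomes below are constructed inputs.
STACK = """\
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_krb5.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_login_access.so
"""

def parse(text, facility="auth"):
    """Return [(control, module)] for one facility, skipping comments."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            rules.append((fields[1], fields[2]))
    return rules

def evaluate(rules, outcomes):
    """Walk the stack; return (granted, module that decided the result)."""
    first_failure = None   # first failed required module; failure is deferred
    last_success = None    # last required/requisite module that succeeded
    for control, module in rules:
        ok = outcomes[module]
        if control == "requisite" and not ok:
            return False, first_failure or module      # fail immediately
        if control == "required" and not ok:
            first_failure = first_failure or module    # keep going, fail later
        if control == "sufficient" and ok and first_failure is None:
            return True, module                        # short-circuit success
        if ok and control in ("required", "requisite"):
            last_success = module
        # a failed "sufficient" module is simply ignored
    if first_failure:
        return False, first_failure
    return last_success is not None, last_success

if __name__ == "__main__":
    base = {"pam_nologin.so": True, "pam_opie.so": False, "pam_opieaccess.so": True}
    for krb5, unix in [(True, False), (False, True), (False, False)]:
        result = evaluate(parse(STACK), {**base, "pam_krb5.so": krb5, "pam_unix.so": unix})
        print(f"krb5={krb5} unix={unix} -> {result}")
```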