SSH with kerberos auth doesn't provide a ticket
C. L. Martinez
carlopmart at gmail.com
Wed Jan 25 07:25:58 UTC 2017
Hi all,
I have a strange problem with ssh when kerberos auth is used. We have three kerberos servers based on MIT kerberos. I have configured a FreeBSD 11-RELEASE virtual guest to authenticate against these kerberos servers. Auth works ok, but ssh doesn't request a kerberos ticket (I am connecting from a Windows 10 workstation with putty):
cokk at bsdext01:~ % klist
klist: No credentials cache found (filename: /tmp/krb5cc_1000)
clopez at bsdext01:~ %
I have enabled th following options in sshd_config:
# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
It is strange because this "problem" only appears with FreeBSD, all others linux doesn't have this problem.
What am I doing wrong?
Thanks
--
Greetings,
C. L. Martinez
More information about the freebsd-questions
mailing list