Craig Gallek <[EMAIL PROTECTED]> writes: > On Sun, 2006-01-01 at 19:43 -0800, Russ Allbery wrote:
>> This isn't using PAM at all -- note the lack of calls to >> pam_sm_authenticate. Oh! Do you have "UsePAM yes" in your >> sshd_config? ChallengeResponseAuthentication always forces PAM >> authentication, I believe; otherwise, sshd defaults to doing an >> old-style crypt password match against /etc/shadow unless UsePAM is >> yes. (I think.) > UsePAM is currently on. However, it looks like the > KerberosAuthentication option must be set as well in order to use > pam_krb5.so. KerberosAuthentication doesn't use PAM; it calls the Kerberos authentication functions directly. For some reason, sshd isn't doing PAM authentication unless you turn on ChallengeResponseAuthentication. I'm completely mystified by this; it's never behaved like that for me. Weird.... -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]