On Sun, 2006-01-01 at 19:43 -0800, Russ Allbery wrote: > This isn't using PAM at all -- note the lack of calls to > pam_sm_authenticate. Oh! Do you have "UsePAM yes" in your sshd_config? > ChallengeResponseAuthentication always forces PAM authentication, I > believe; otherwise, sshd defaults to doing an old-style crypt password > match against /etc/shadow unless UsePAM is yes. (I think.)
UsePAM is currently on. However, it looks like the KerberosAuthentication option must be set as well in order to use pam_krb5.so. So the combination of ChallengeResponseAuthentication no, KerberosAuthentication yes (it defaults to no), and UsePAM yes appears to fix the problem. Thanks again, Craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
