On Mon, Sep 8, 2014 at 11:44 AM, Gerardo Padierna <asl.gera...@gmail.com> wrote:
> Hello folks, > hi, I'm setting up an IPA-server instance aimed to be used primarily for > Linux/Unix clients ssh authentication (with kerberos). > I've managed to successfully set up debian clients (via sssd and also on > older debians, through libnss and pam_krb5). But for some reason I can't > authenticate ssh on Solaris10 clients. > On the Solaris box, I've followed the steps outiined here: > http://www.freeipa.org/page/ConfiguringUnixClients > and the nss part works fine (things like getent [group | passwd] and id > <user> work), but unfortunaltely, the ssh user authentication fails with an > error: > sshd auth.error PAM-KRB5 (auth): krb5_verify_init_creds failed: No such > file or directory > > On the solaris clients, does there need to be a keytab in /etc/krb5/ > directory copied over from the IPA server? > I have integrated omnios (open solaris derivative) with ipa using these notes: http://test.asenjo.nl/index.php/Omnios_ipa_client that info may or may not be useful for solaris 10 as I have zero experiece with older solaris versions. But in principle, yes, you need a host keytab to login using kerberos SSO. HTH. -- Regards, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project