Hello all,
I'm trying to configure OpenSSH v2.9p2 to authenticate via Kerberos 5.
I would like to have everything go through PAM instead of compiling krb5
support into openssh.
My setup is as follows:
-Solaris 8 in 32 bit mode
-OpenSSH v2.9p2 (configured with-pam disable-suid-ssh)
-Sun provided pam_krb5.so and Kerberos 5 implementation
-telnet, ftp authenticate with kerberos via pam okay
-pam.conf file tries to authenticate via pam_unix.so first, then
goes to pam_krb5.so. If this switched around, local users also cannot
ssh in, but the session then ends on signal 10
When connecting w/ forced SSH v2.x (-2 option), I connect and am placed
in an interactive shell, but my credential cache file is owned by root
and thus I can only login once before having a root user destroy the
cache.
Connection with the default SSH v1.5 causes the interactive session to
immediately terminate on signal 11 after the motd is printed, but the
ccache is owned by the correct uid.
I'd like to fix both the above conditions, but just one would suffice.
I've read several threads that describe both the above conditions, but
haven't seen any clean cut solutions. I'm just curious if anyone has
seen the above problems and a solution(s) for fixing them. Thanks.
--
Scott Hussey
IATS Unix Systems Support
[EMAIL PROTECTED]
