I've been working to get Kerberos v5 authentication working with AD
and have managed to get ticket granting working with local login or
ssh login (I have Kerberos logging enabled on W2K and see the ticket
grant success message)...  My problem is that no matter how I change
my PAM configuration I still get denied access.

I have followed the MS guide to getting this working but the Unix
configuration is very vague in regards to setting up PAM...  Any
suggestions are greatly appreciated!

Thanks in advance,
Mike



/etc/pam.conf:
login   auth    sufficient      pam_krb5.so     try_first_pass
login   auth    required        pam_unix.so     try_first_pass
login   account required        pam_unix.so
login   password required       pam_permit.so
login   session required        pam_permit.so

/var/log/auth.log:
Nov 10 08:07:13 sisbsd sshd[6899]: (pam_krb5) pam_sm_authenticate: result for user `krbtest': Please ignore underlying account module
Nov 10 08:07:13 sisbsd sshd[6897]: error: PAM: Authentication failure
Nov 10 08:07:13 sisbsd sshd[6897]: Failed keyboard-interactive/pam for krbtest from ::1 port 1043 ssh2

/etc/master.passwd:
krbtest:krb5:1004:1004::0:0:krbtest:/home/krbtest:/bin/sh

W2K AD account settings (krbtest):
- User cannot change password
- Password never expires
- Use DES encryption
- Do not require Kerberos pre-auth

W2K Event Log:
- EventID 672 Authentication Ticket Granted
- No other events shown (fail or success) in given timeframe
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
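
Added example, not part of the original post: a simplified model of how a PAM auth stack combines the `sufficient` and `required` control flags, applied to the posted pam.conf lines. It assumes the logged text "Please ignore underlying account module" is the pam_strerror string for PAM_IGNORE (as in Linux-PAM) and that pam_unix rejects the account because the master.passwd password field is the literal `krb5`; the function names are illustrative.

```python
# Added illustration: simplified model of PAM control flags, not a PAM implementation.
SUCCESS, AUTH_ERR, IGNORE = "PAM_SUCCESS", "PAM_AUTH_ERR", "PAM_IGNORE"

# The auth lines from the posted /etc/pam.conf, with wrapped options rejoined.
PAM_CONF = """\
login   auth    sufficient      pam_krb5.so     try_first_pass
login   auth    required        pam_unix.so     try_first_pass
login   account required        pam_unix.so
"""

def parse_auth_stack(text, service):
    """Return [(control, module)] for one service's auth entries (pam.conf format)."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == service and fields[1] == "auth":
            stack.append((fields[2], fields[3]))
    return stack

def run_auth_stack(stack, results):
    """Evaluate the stack; `results` maps module name -> assumed return code."""
    required_failed = any_success = False
    trace = []
    for control, module in stack:
        rc = results[module]
        trace.append((module, control, rc))
        if rc == IGNORE:
            continue                      # module has no say in the verdict
        if rc == SUCCESS:
            any_success = True
            if control == "sufficient" and not required_failed:
                return SUCCESS, trace     # short-circuit: later modules never run
        elif control == "requisite":
            return AUTH_ERR, trace        # fail immediately
        elif control == "required":
            required_failed = True        # fail, but keep running the stack
        # a failing "sufficient" or "optional" module is not fatal by itself
    return (AUTH_ERR if required_failed or not any_success else SUCCESS), trace

if __name__ == "__main__":
    stack = parse_auth_stack(PAM_CONF, "login")
    # Assumed return codes: pam_krb5 yields PAM_IGNORE (as the log text suggests),
    # pam_unix rejects because "krb5" in master.passwd is not a usable hash.
    logged = {"pam_krb5.so": IGNORE, "pam_unix.so": AUTH_ERR}
    print(run_auth_stack(stack, logged))
    print(run_auth_stack(stack, {"pam_krb5.so": SUCCESS, "pam_unix.so": AUTH_ERR}))
```

Under these assumptions the stack denies access even though the KDC issued a ticket: a `sufficient` module only short-circuits when it returns success, so an ignored result leaves the verdict to pam_unix.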
