Hi. I have a mixed linux lab. A server based on debian (ssh 3.4p1) and clients based on gentoo (ssh version 3.8p1). My infrastructure is based on mit kerberos 5 and openafs. All I'd like to do is to make ssh sessions passwordless, based on the tickets. On both systems I use pam authentication via libpam-krb5 and gain the token via libpam-openafs-session && aklog (the debian packages). The pam_krb5.so module has flags ``use_first_pass forwardable''.
Now, how do I enable passwordless ssh GAINING the correct tickets and tokens? Those are my settings: === ssh 3.8p1 sshd_config excerpt: KerberosAuthentication yes KerberosTicketCleanup yes GSSAPIAuthentication yes GSSAPICleanupCredentials yes === ssh 3.8p1 ssh_config excerpt: GSSAPIAuthentication yes GSSAPIDelegateCredentials yes === ssh 3.4p1 sshd_config excerpt: KerberosAuthentication yes KerberosTicketCleanup yes KerberosTgtPassing yes GSSAPIAuthentication yes GSSAPIKeyExchange yes GSSAPIUseSessionCredCache yes === ssh 3.4p1 ssh_config excerpt: KerberosAuthentication yes KerberosTGTPassing yes GSSAPIAuthentication yes GSSAPIDelegateCredentials yes -- Sensei <mailto:[EMAIL PROTECTED]> <icqnum:241572242> <msn-id:[EMAIL PROTECTED]> Error: Keyboard not found. Press F1 to continue... ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos