Hi, I am attempting to get our Solaris 9 and 10 servers to use campus kdc for ssh
authentication. I want to end up with a "cookbook" of step by step instructions on how to convert a fresh install of Solaris to kerberized ssh. Currently I am trying to make it work with Sun's pam_krb linked to Sun's kerberos. I am using the latest openssh4.3 and openssl0.9.8a (preferred because they will keep more up to date than Sun's patches) I have: 1) Placed my krb5.keytab in /etc/krb5/krb5.keytab: # klist -e -k /etc/krb5/krb5.keytab Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 5 host/[EMAIL PROTECTED] (DES cbc mode with CRC-32) 2) configured openssh via /etc/ssh/sshd_config UsePAM yes 3) configured /etc/pam.conf sshd auth sufficient pam_unix_auth.so.1 sshd auth required pam_krb5.so.1 debug 4) /etc/krb5/krb5.conf is the standard one from campus and includes: default_tgs_enctypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc I am currently getting SUCCESS on krb auth, then "bad encrytion type" in /var/adm/messages. Mar 22 11:25:02 HOSTNAME sshd[8392]: [ID 549540 auth.debug] PAM-KRB5 (auth): attempt_krb5_auth: start: user='fcocquyt' Mar 22 11:25:02 HOSTNAME sshd[8392]: [ID 179272 auth.debug] PAM-KRB5 (auth): attempt_krb5_auth: krb5_get_init_creds_password returns: SUCCESS Mar 22 11:25:02 HOSTNAME sshd[8392]: [ID 537602 auth.error] PAM-KRB5 (auth): krb5_verify_init_creds failed: Bad encryption type I am almost ready to give up on Sun's pam_krb and kerberos - (I've compiled the latest kerberos from MIT and stowed it in /usr/local) - but the pam_krb source I found on sourceforge looks SOOOOOOOO out of date.... Can anyone advise how to proceed - whether Sun's pam_krb will work, or how to get a pam_krb working from RedHat's source rpms? Any help would be appreciated! Many thanks, Fletcher. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos