Hi all! I've configured Debian with pam_krb5, and I can login using username and password to sshd. I've tried to use also ticket login, and I have problem with it. As I understand I need for this keytab file. But whenever I put krb5.keytab into /etc I can't login at all (even with password). auth.log says:
(pam_krb5): none: pam_sm_authenticate: entry (0x1) (pam_krb5): apache: attempting authentication as [email protected] (pam_krb5): apache: credential verification failed: Server not found in Kerberos database (pam_krb5): apache: pam_sm_authenticate: exit (failure) pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.181 user=apache I've created keytab for apache, which is used by libapache2-mod-auth-kerb and it works - I can login with kerberos ticket. The keytab was created on W2008 server with the following command: ktpass -out host-nms.keytab -princ host/[email protected] -mapuser [email protected] -mapOp set -pass <secret> -crypto DES-CBC-MD5 -pType KRB5_NT_PRINCIPAL +DesOnly By the way, can someone tell me what for is this password in ktpass command ? Best regards J. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
