I've been searching mailing lists, man pages, and google with no good
results, so I'm here to ask for a little nudge in the right direction.
I'm trying to configure 3.9 to authenticate against a Kerberos 5
realm. Kerberos is correctly configured (I can get a ticket via
kinit). I've created a new user class and assigned krb5-or-pwd
authentication (relevant portion of login.conf is below). I assigned
a user to the class and attempted to login as that user. It would
accept neither the kerberos nor local password (tried both through
ssh and the local console).
My next thought was that krb5 will allow authentication via a ticket
only (and not interactive login), so I grabbed a ticket (kinit -f) on
another system and tried to ssh in with the same results -- it
prompted for a password and accepted neither the kerberos nor local
passwords.
I assume I'm missing a step here, but can't find any documentation or
hints as to what that might be. I'd appreciate any links or
suggestions on man pages that I should read.
Thanks in advance.
-- Don
login.conf excerpt:
-------------------------
netid:\
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/
local/bin:\
:umask=022:\
:datasize-max=512M:\
:datasize-cur=512M:\
:maxproc-max=128:\
:maxproc-cur=64:\
:openfiles-cur=64:\
:stacksize-cur=4M:\
:localcipher=blowfish,6:\
:ypcipher=old:\
:auth=krb5-or-pwd: