Kurt:
Sorry, I was wrong about the PID being different pointing to a problem. I
had misread our log files here, thinking that on our systems, the pid
didn't change between auth and session phase.
Actually, it looks like the problem is 'keyboard-interactive'
authentication in sshd. This seems to break the krb5 PAM module.
I'm guessing that you changed the default configuration in
/etc/ssh/sshd_config from
ChallengeResponseAuthentication no
to
ChallengeResponseAuthentication yes
or something like that? (or maybe you just removed the line altogether;
challengeresponse is enabled by default if nothing is there)
With the default /etc/ssh/sshd_config from openssh-server-3.9p1-8.RHEL4.4,
everything works; if I change it so that ChallengeResponseAuthentication
is enabled, then pam_krb5 fails for me in the exact same way it fails for
you.
Ensure that you have:
ChallengeResponseAuthentication no
in /etc/ssh/sshd_config and see if that fixes your problem?
-Chris
[EMAIL PROTECTED]
On Mon, 18 Jul 2005, Kurt Seiffert wrote:
We are running the package 'openssh-server-3.9p1-8.RHEL4.4'. My man pages
for sshd_config indicates that UsePAM is off by default. I turned off the
pubkey, because I had been using a pub/priv key, but that seemed to cause ssh
to skip completely the kerberos authentication.
I'm using this on i386. Thanks for the observation about the difference
between the auth and session messages. Not sure where to go with that, but it
is interesting.
The basic problem still seems to be that the kerberos tickets are not getting
written to the cache so that subsequent processes have access to them.
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
