I believe krb5 forwarding requires a host principal for the
forwarding machine. Do you have one for your home machine?
--James
On Sep 6, 2007, at 11:06 AM, Ken Aaker wrote:
I spent a good portion of the evening trying to get Kerberos credential
passing to work on my home setup, but never got it to work.
I have a nagging suspicion that I'm misunderstanding something basic.
I'm running OpenSuSE 10.2 x86_64, with OpenAFS 1.4.4, krb5-1.5.1, and
OpenSSH 4.4p1, and pam_afs_session 1.4 (freshly downloaded and built).
I've set up /etc/pam.d/common-auth-pc and /etc/pam.d/common-session-pc
to look like the example in Russ's readme file.
When I ssh into the machine, I'm prompted for a password (which isn't
what I'm after). If I enter the password, everything seems to work
properly, I get a new pag, krb5 tickets, and tokens. I do have tickets
and tokens in the session that I ssh from. It seems like I'm missing
whatever triggers ssh to pass over the ticket?
I've been messing with this on and off for years, it's really handy when
it works.
Thanks,
Ken Aaker
Here's my krb5.conf file.
-----------------------------
[libdefaults]
    default_realm = AAKER.ORG
    clockskew = 300

[realms]
    AAKER.ORG = {
        kdc = sif.aaker.org
        default_domain = aaker.org
        admin_server = sif.aaker.org
    }

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON

[domain_realm]
    .aaker.org = AAKER.ORG

[appdefaults]
    pam = {
        ticket_lifetime = 30d
        renew_lifetime = 30
        forwardable = true
        proxiable = true
        retain_after_close = false
        minimum_uid = 1
        use_shmem = sshd
    }
-----------------------------
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
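
Added example, not part of the original thread: a shell sketch of the checks that usually decide whether ssh logs in with GSSAPI and delegates the ticket instead of prompting for a password (host key in the server keytab, GSSAPI enabled in sshd, delegation enabled in the client, forwardable TGT). The function names, host.example.org, EXAMPLE.ORG and the sample text are constructed for illustration; upstream OpenSSH defaults GSSAPIAuthentication and GSSAPIDelegateCredentials to "no".

```shell
#!/bin/sh
# Added example (not from the thread): prerequisite checks for GSSAPI ssh login
# with ticket delegation. Each function reads captured text on stdin.

# Effective value of an OpenSSH keyword (case-insensitive, first match wins);
# prints the default in $2 when the keyword is absent. Simplification: Host/Match
# scoping and the "Key=Value" spelling are ignored.
ssh_opt() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# Succeeds when `klist -k` output lists host/<fqdn>@<REALM> ($1 fqdn, $2 realm).
has_host_key() {
    awk -v p="host/$1@$2" '$2 == p { ok = 1 } END { exit !ok }'
}

# Succeeds when `klist -f` output shows the F (forwardable) flag on the krbtgt.
tgt_forwardable() {
    awk '/krbtgt\// { tgt = 1; next }
         tgt && /Flags:/ { sub(/.*Flags:[ \t]*/, ""); if (index($0, "F")) ok = 1; tgt = 0 }
         END { exit !ok }'
}

# Constructed samples: hypothetical host.example.org in realm EXAMPLE.ORG.
SAMPLE_KEYTAB='KVNO Principal
---- ------------------------------
   3 afs/example.org@EXAMPLE.ORG'
SAMPLE_SSHD='UsePAM yes
GSSAPIAuthentication yes'
SAMPLE_SSH='Host *
    GSSAPIAuthentication yes'
SAMPLE_KLIST='09/06/07 10:00:00  09/06/07 20:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
    renew until 09/07/07 10:00:00, Flags: FRIA'

# Prints one line per unmet prerequisite; no output means every check passed.
report() {
    printf '%s\n' "$SAMPLE_KEYTAB" | has_host_key "$1" "$2" ||
        echo "server keytab has no host/$1@$2 key"
    [ "$(printf '%s\n' "$SAMPLE_SSHD" | ssh_opt GSSAPIAuthentication no)" = yes ] ||
        echo "sshd_config: GSSAPIAuthentication is not enabled"
    [ "$(printf '%s\n' "$SAMPLE_SSH" | ssh_opt GSSAPIDelegateCredentials no)" = yes ] ||
        echo "ssh_config: GSSAPIDelegateCredentials is not enabled"
    printf '%s\n' "$SAMPLE_KLIST" | tgt_forwardable || echo "client TGT is not forwardable"
}
report host.example.org EXAMPLE.ORG
```

On a real system, feed the functions `klist -k /etc/krb5.keytab` from the ssh server, the two OpenSSH config files, and `klist -f` from the client session in place of the samples.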