Stephen John Smoogen wrote:
> On 4/6/07, Jason Edgecombe <[EMAIL PROTECTED]> wrote:
>> Hi everyone,
>>
>> I'm running RHEL5 Workstation and I'm having a devil of a time with
>> pam_krb5. I'm using Kerberos 5 to authenticate all users and get AFS
>> tokens upon login. I can log in to the console or gdm just fine. When
>> sshing into the machine with a Kerberos 5 ticket, it properly passes the
>> ticket and gets a token. When I try to ssh into the machine without a
>> ticket and log in with a password, it lets me into the machine, but I
>> have no ticket. There is no local password for the user, so Kerberos
>> authentication is working, but the ticket isn't living past the initial
>> password check.
>
> I would check the man page on klist and the command
>
>     klist -anfe
>
> My guess is that your k5server is not giving Forwardable tickets. Or
> that the /etc/krb5.conf needs to ask for them. I do not know much
> about AFS, but I thought it uses krb4 tickets which also have to have
> settings for them.

I solved my own problem.

I had to enable the use_shmem option in /etc/krb5.conf for use with sshd.

Here is the appdefaults section of my /etc/krb5.conf:

    [appdefaults]
    pam = {
        afs_cells = mycell.com
        ccache_dir = /tmp
        forwardable = true
        tokens = sshd
        external = sshd
        use_shmem = sshd
    }

Sincerely,
Jason Edgecombe
_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list
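
An added example, not part of the thread or of pam_krb5 itself: a shell check that reads the `pam` block under `[appdefaults]` in a krb5.conf-style file and reports which of the sshd-related options from the fix above (`tokens`, `external`, `use_shmem`) do not cover sshd. The function names are hypothetical, the sample file is constructed, and the script assumes an option value is either `true` or a whitespace-separated list of service names.

```shell
#!/bin/sh
# pam_opt_covers FILE OPTION SERVICE
# Exit 0 if OPTION inside "[appdefaults] pam = { ... }" is "true" or names SERVICE.
pam_opt_covers() {
    awk -v opt="$2" -v svc="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # a new [section] starts
            in_app = ($0 ~ /^[ \t]*\[appdefaults\]/); in_pam = 0; next
        }
        in_app && /^[ \t]*pam[ \t]*=[ \t]*[{]/ { in_pam = 1; next }
        in_pam && /^[ \t]*[}]/ { in_pam = 0; next }
        in_pam {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            if (key != opt) next
            n = split(val, words)                   # whitespace-separated values
            for (i = 1; i <= n; i++)
                if (words[i] == svc || words[i] == "true") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# audit_sshd FILE
# Print the options from the post that are NOT enabled for the sshd service.
audit_sshd() {
    missing=""
    for opt in tokens external use_shmem; do
        pam_opt_covers "$1" "$opt" sshd || missing="$missing $opt"
    done
    echo "${missing# }"
}

# Constructed sample: the settings from the post with use_shmem left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[appdefaults]
pam = {
    forwardable = true
    tokens = sshd
    external = sshd
}
EOF
echo "not enabled for sshd: $(audit_sshd "$sample")"
rm -f "$sample"
```

Run against a real host with `audit_sshd /etc/krb5.conf`; empty output means all three options cover sshd.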