Hello,
I am new to Kerberos. I want to set up passwordless logon from Linux
workstation clients to a Linux server using SSH via Kerberos. I have
designated one of the secure Linux workstation as the KDC. Kerberos and
OpenSSH were installed on all my Linux workstations and the server by
default.
D
Hello,
I just compiled SSH v3.1.0p1 with the GSSAPI and opnessh patches included
on a Solaris 8 box. It works
fine, well I get my password authenticated by the KDC on a W2K box. But I
have
remarked that my credential cache in /tmp directory is owned by the root.
Is it correct? I also remarked tha
Thanks for your response. I'm using Mit
Kerberos5 (newest version) pam_krb5 module. I got concurrent log problem
solved by using the switch in /etc/pam/conf as
follows:
sshd auth required /usr/lib/security/$ISA/pam_unix.so.1 acceptor
I can now loggin as many times
as I like. It creates a
Hi Folks,
We should not put the "acceptor" option for sshd authentication.!! It will
bypass any authentication for any
account. That means that you don't need to use password. It accepts
anything!!
So my problem remains unchanged. I hope there is a fix soon.
Suchun
Mes
Hi! Hope this is an appropriate question for this list.
I have several hundred Linux boxes where we would like to have kerberos
enabled ssh between them. They all are on the same domain, but other
machines are also on the same domain. We have our own subnet
(129.177/16, uib.no). My thought was
Ian <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I am new to Kerberos. I want to set up passwordless logon from Linux
> workstation clients to a Linux server using SSH via Kerberos. I have
> designated one of the secure Linux workstation as the KDC. Kerberos
> and OpenSSH were installed on all my Linux
Thanks, Christopher.
All my Linux clients and server are running Fedora Core 4.
Ian
On Tue, 10 Oct 2006, Christopher D. Clausen wrote:
> Ian <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > I am new to Kerberos. I want to set up passwordless logon from Linux
> > workstation clients to a Linux ser
[EMAIL PROTECTED] wrote:
> Hello,
>
> I just compiled SSH v3.1.0p1 with the GSSAPI and opnessh patches included
> on a Solaris 8 box. It works
> fine, well I get my password authenticated by the KDC on a W2K box. But I
> have
> remarked that my credential cache in /tmp directory is owned by the
[EMAIL PROTECTED] wrote:
: I just compiled SSH v3.1.0p1 with the GSSAPI and opnessh patches included
: on a Solaris 8 box. It works
: fine, well I get my password authenticated by the KDC on a W2K box. But I
: have
: remarked that my credential cache in /tmp directory is owned by the root.
: Is it
Simon Wilkinson wrote:
> [EMAIL PROTECTED] wrote:
> : I just compiled SSH v3.1.0p1 with the GSSAPI and opnessh patches included
> : on a Solaris 8 box. It works
> : fine, well I get my password authenticated by the KDC on a W2K box. But I
> : have
> : remarked that my credential cache in /tmp dir
Why are you using 'acceptor' with pam_unix? That is not a supported
pam_unix option. 'acceptor' should only be used by services
that are capable of exchanging Kerberos (or GSSAPI/KRB5) credentials
natively so they dont try to perform a 2nd kerberos authentication.
It is useless for any other s
I am attempting to put together an implementation of Kerberos 5 and
OpenSSH 3.8.1p1 and have question as wether I am doing it correctly.
My first step was getting Kerberos 5 operational on all the systems
involved and setting up integrated logins. Credentials are created
for host/@, and @. For t
Joe Odenweller wrote:
I am attempting to put together an implementation of Kerberos 5 and
OpenSSH 3.8.1p1 and have question as wether I am doing it correctly.
My first step was getting Kerberos 5 operational on all the systems
involved and setting up integrated logins. Credentials are created
for
[EMAIL PROTECTED] ("Douglas E. Engert") wrote in message news:<[EMAIL
PROTECTED]>...
... lots of stuff snipped out ...
> Douglas E. Engert <[EMAIL PROTECTED]>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
> _
Joe Odenweller wrote:
[EMAIL PROTECTED] ("Douglas E. Engert") wrote in message news:<[EMAIL
PROTECTED]>...
... lots of stuff snipped out ...
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
> >
> > ... no need to repeat original message ...
> >
> >
OK, I can find the ticket cache, but its empty.
-rw--- 1 mzzckd staff 0 Nov 18 08:36
krb5cc_203_Q18296
I have no idea how to check the value of KRB5CCNAME in the login
process, since it doesn't get far enough to ini
Joe Odenweller wrote:
... no need to repeat original message ...
OK, I can find the ticket cache, but its empty.
-rw--- 1 mzzckd staff 0 Nov 18 08:36
krb5cc_203_Q18296
I have no idea how to check the value of KRB5CCNAME in the login
process, since it doesn't get far enough to
17 matches
Mail list logo