From owner-freebsd-questions@FreeBSD.ORG Wed May 4 21:34:18 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3932716A4CE for ; Wed, 4 May 2005 21:34:18 +0000 (GMT) Received: from web50408.mail.yahoo.com (web50408.mail.yahoo.com [206.190.38.73]) by mx1.FreeBSD.org (Postfix) with SMTP id AC26C43D78 for ; Wed, 4 May 2005 21:34:17 +0000 (GMT) (envelope-from dsobiera@yahoo.com) Received: (qmail 45415 invoked by uid 60001); 4 May 2005 21:33:31 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=2kKXUuruyBvzQe1mnG3yobNZhzfdv3q3t2LX+yMtc2lhCLMnh4NQ6ZC/aa/9fWbDKrv9owJSD0SVjBO8nGFguVn6hjToqNlY0EPvZTclIJKzDSHNebnbsWTxdT72EHBoFNP98uoetm16LI1z75zVtwfCINR4tng+NdYsiY55UMg= ; Message-ID: <20050504213330.45410.qmail@web50408.mail.yahoo.com> Received: from [149.169.99.83] by web50408.mail.yahoo.com via HTTP; Wed, 04 May 2005 14:33:30 PDT Date: Wed, 4 May 2005 14:33:30 -0700 (PDT) From: Damian Sobieralski To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Kerberos 5 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 May 2005 21:34:18 -0000 I have a fairly weird question for the group. I recently set up a FreeBSD 5.3 box to use pam_krb5 for sshd authentication. It worked great. I created a local workstation user via adduser and when it came time for the password based question, I selected no. So when I logged in, I typed "klist" and got some verbage back about my ticket in /tmp. I rebuilt the box and although I can log into the box, when I type klist now I get: klist: No ticket file: /tmp/krb5cc_0 Or some variation of the ticket file name. It authenticates me okay via kerneros or I couldn't get logged in, but any idea why this might happen? BTW- I read online that storing tickets like this (in /tmp) is potentially a security risk for a server so the thought was to change it to home directory tickets like the website recommends. But I did the same procedures on the install and I cannot even get to the point (step 1) where the ticket can be found in /tmp. If it didn't let me log in I'd say it just isn't working, but if I try to ssh in with any other password besides the correct one it reject me (like it should). The right password lets me in so it must be working....right? Any ideas?