From owner-freebsd-questions@FreeBSD.ORG Thu May 5 16:15:32 2005
Message-ID: <20050505161528.16514.qmail@web50402.mail.yahoo.com>
Date: Thu, 5 May 2005 09:15:28 -0700 (PDT)
From: Damian Sobieralski
To: Tillman Hodgson, freebsd-questions@freebsd.org
In-Reply-To: <20050505154510.38AC516A4FE@hub.freebsd.org>
Subject: Re: Kerberos 5

> How did you confirm that you were authenticating via Kerberos?

ESP? :) You're right, I don't KNOW that. But if I didn't set a password when I created the user, how else would it be authenticating?

Here's my /etc/pam.d/sshd file:

    # auth
    auth      required    pam_nologin.so     no_warn
    auth      sufficient  pam_opie.so        no_warn no_fake_prompts
    auth      requisite   pam_opieaccess.so  no_warn allow_local
    auth      sufficient  pam_krb5.so        no_warn try_first_pass
    auth      required    pam_unix.so        no_warn try_first_pass

    # account
    account   required    pam_login_access.so
    account   required    pam_unix.so

    # session
    session   required    pam_permit.so

    # password
    password  required    pam_unix.so        no_warn try_first_pass

> Do you have an environment variable like KRB5CCNAME set anywhere?

I didn't set one so I don't think so.

> Which Kerberos are you talking about?

Another good question. Whatever Kerberos that comes as the default in FreeBSD 5.3-RELEASE. I didn't install any ports at first. I'm using whatever came as stock as a pam module in /usr/lib/pam_krb5. klist also seemed installed already without any ports being added. After I wasn't getting any ticket from klist, I installed krb5 from /usr/ports/security/krb5 after doing a cvsup on my ports. Same result.

> use and are perhaps running into path issues (running a different
> program than you think you're running)?

Always possible. As I said, pam_krb5 was already there after my base install. I found it weird that pam_krb5 was already there. Is this normal? All I did to "enable" what I thought/think was Kerberos authentication for sshd was to set up the /etc/pam.d/sshd file like I stated above and created a /etc/krb5.conf file.

Needless to say, I'm very new to Kerberos and will take any advice happily.

- Damian
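
Added example, not part of the original message and not FreeBSD's own code: a simplified Python model of how the auth chain in the /etc/pam.d/sshd file quoted above resolves, using the control-flag semantics documented for FreeBSD's PAM (required, requisite, sufficient; optional is ignored and binding is not modelled). The per-module outcomes are constructed inputs, and the names BASE, parse_chain and evaluate are made up for this illustration. It shows that a successful login through this chain can end at either pam_krb5 or pam_unix.

```python
# Auth lines copied from the sshd PAM file in the message above.
AUTH_CHAIN = """\
auth required   pam_nologin.so     no_warn
auth sufficient pam_opie.so        no_warn no_fake_prompts
auth requisite  pam_opieaccess.so  no_warn allow_local
auth sufficient pam_krb5.so        no_warn try_first_pass
auth required   pam_unix.so        no_warn try_first_pass
"""

# Constructed outcomes for an account with no OPIE set up and no nologin file.
BASE = {"pam_nologin.so": True, "pam_opie.so": False, "pam_opieaccess.so": True}

def parse_chain(text, facility="auth"):
    """Return [(control, module)] for one facility, skipping comments."""
    chain = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            chain.append((fields[1], fields[2]))
    return chain

def evaluate(chain, outcomes):
    """Return (granted, modules_run) for the given per-module outcomes."""
    failed = False      # a required module failed earlier in the chain
    succeeded = False   # at least one required/requisite module succeeded
    ran = []
    for control, module in chain:
        ok = outcomes[module]
        ran.append(module)
        if control == "sufficient":
            if ok and not failed:
                return True, ran      # chain stops here, request granted
            # a failing sufficient module is ignored
        elif control == "requisite":
            if not ok:
                return False, ran     # chain stops here, request denied
            succeeded = True
        elif control == "required":
            if ok:
                succeeded = True
            else:
                failed = True         # chain continues, denied at the end
    return (succeeded and not failed), ran

if __name__ == "__main__":
    chain = parse_chain(AUTH_CHAIN)
    for krb5, unix in [(True, False), (False, True), (False, False)]:
        result = evaluate(chain, {**BASE, "pam_krb5.so": krb5, "pam_unix.so": unix})
        print(f"krb5={krb5} unix={unix} -> granted={result[0]}, last={result[1][-1]}")
```

Because both outcomes grant access, the login itself does not identify the module that accepted the password; the sshd authentication log entries and a credential cache visible to klist in the new session are what distinguish the two paths.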