Date:      Thu, 5 May 2005 09:15:28 -0700 (PDT)
From:      Damian Sobieralski <dsobiera@yahoo.com>
To:        Tillman Hodgson <tillman@seekingfire.com>, freebsd-questions@freebsd.org
Subject:   Re: Kerberos 5
Message-ID:  <20050505161528.16514.qmail@web50402.mail.yahoo.com>
In-Reply-To: <20050505154510.38AC516A4FE@hub.freebsd.org>

> How did you confirm that you were authenticating via Kerberos?

  ESP?  :)  You're right, I don't KNOW that.  But if I didn't set a
password when I created the user, how else would it be authenticating?

Here's my /etc/pam.d/sshd file:

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      pam_krb5.so             no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         required        pam_permit.so

# password
password        required        pam_unix.so             no_warn try_first_pass


> Do you have an environment variable like KRB5CCNAME set anywhere?

 I didn't set one so I don't think so.

> Which Kerberos are you talking about? 

 Another good question.  Whatever Kerberos that comes as the default in
FreeBSD 5.3-RELEASE. I didn't install any ports at first. I'm using
whatever came as stock as a pam module in /usr/lib/pam_krb5.  klist
also seemed installed already without any ports being added.  After I
wasn't getting any ticket from klist, I installed krb5 from
/usr/ports/security/krb5 after doing a cvsup on my ports. Same result.

> use and are perhaps running into path issues (running a different
> program than you think you're running)?

 Always possible. As I said, pam_krb5 was already there after my base
install.  

  I found it weird that pam_krb5 was already there.  Is this normal? 
All I did to "enable" what I thought/think was Kerberos authentication
for sshd was to set up the /etc/pam.d/sshd file like I stated above and
created a /etc/krb5.conf file.  Needless to say, I'm very new to
Kerberos and will take any advice happily.

- Damian
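
An added example (not part of the original message, and not OpenPAM's code): a simplified Python model of the auth chain posted above, showing that a successful sshd login through it can end at pam_krb5.so or at pam_unix.so, so a login succeeding does not by itself identify which module accepted the password. The control-flag model is a simplification, and the module outcomes and scenario names are constructed inputs.

```python
# Added example: simplified model of PAM control flags, not OpenPAM itself.
FACILITIES = {"auth", "account", "session", "password"}

# Chain as posted in the message; one line left wrapped, as mail clients do,
# and one account line kept to show facility filtering.
SSHD_PAM = """\
auth     required    pam_nologin.so     no_warn
auth     sufficient  pam_opie.so        no_warn no_fake_prompts
auth     requisite   pam_opieaccess.so  no_warn allow_local
auth     sufficient  pam_krb5.so        no_warn
try_first_pass
auth     required    pam_unix.so        no_warn try_first_pass
account  required    pam_login_access.so
"""

def parse(text, facility="auth"):
    """Return [(control, module, options)] for one facility."""
    rules, keep = [], False
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] in FACILITIES:
            keep = fields[0] == facility
            if keep:
                rules.append((fields[1], fields[2], fields[3:]))
        elif keep and rules:  # option-only line: belongs to the rule above
            rules[-1][2].extend(fields)
    return rules

def evaluate(rules, outcomes):
    """outcomes: module -> True/False. Returns (granted, module the chain ended at)."""
    failed, module = False, None
    for control, module, _ in rules:
        ok = outcomes[module]
        if ok and control == "sufficient" and not failed:
            return True, module  # success here ends the chain
        if not ok and control in ("required", "requisite"):
            failed = True
            if control == "requisite":
                break  # failure here ends the chain
    return not failed, module

def scenarios():
    """Constructed outcomes: which module ends the chain in each case?"""
    base = {"pam_nologin.so": True, "pam_opie.so": False, "pam_opieaccess.so": True}
    rules = parse(SSHD_PAM)
    cases = {"kdc accepts password": (True, False),
             "only local password matches": (False, True),
             "neither matches": (False, False)}
    return {name: evaluate(rules, {**base, "pam_krb5.so": k, "pam_unix.so": u})
            for name, (k, u) in cases.items()}
```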