Date: Thu, 5 May 2005 09:15:28 -0700 (PDT) From: Damian Sobieralski <dsobiera@yahoo.com> To: Tillman Hodgson <tillman@seekingfire.com>, freebsd-questions@freebsd.org Subject: Re: Kerberos 5 Message-ID: <20050505161528.16514.qmail@web50402.mail.yahoo.com> In-Reply-To: <20050505154510.38AC516A4FE@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> How did you confirm that you were authenticating via Kerberos? ESP? :) You're right, I don't KNOW that. But if I didn't set a password when I created the user, how else would it be authenticating? Here's my /etc/pam.d/sshd file: # auth auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_krb5.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account account required pam_login_access.so account required pam_unix.so # session session required pam_permit.so # password password required pam_unix.so no_warn try_first_pass > Do you have an environment variable like KRB5CCNAME set anywhere? I didn't set one so I don't think so. > Which Kerberos are you talking about? Another good question. Whatever kerberos that cames as the default in FreeBSD 5.3-RELEASE. I didn't install any ports at first. I'm using whatever came as stock as a pam module in /usr/lib/pam_krb5. klist also seemed installed already without any ports being added. After I wasn't getting any ticket from klist, I installed krb5 from /usr/ports/security/krb5 after doing a cvsup on my ports. Same result. > use and are perhaps running into path issues (running a different > program than you think you're running)? Always possible. As I said, pam_krb5 was already there after my base install. I found it weird that pam_krb5 was already there. Is this normal? All I did to "enable" what I thought/think was kerberos authentication for sshd was to set up the /etc/pam.d/sshd file like I stated above and created a /etc/krb5.conf file. Needless to say, I'm very new to Kerberos and will take any advice happily. - Damian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050505161528.16514.qmail>