From owner-freebsd-questions@FreeBSD.ORG Thu May 5 17:31:16 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F7C416A4CE for ; Thu, 5 May 2005 17:31:16 +0000 (GMT) Received: from mail.seekingfire.com (static24-72-123-45.regina.accesscomm.ca [24.72.123.45]) by mx1.FreeBSD.org (Postfix) with ESMTP id 144EA43DB5 for ; Thu, 5 May 2005 17:31:16 +0000 (GMT) (envelope-from tillman@seekingfire.com) Received: by mail.seekingfire.com (Postfix, from userid 500) id 14000126; Thu, 5 May 2005 11:31:11 -0600 (CST) Date: Thu, 5 May 2005 11:31:11 -0600 From: Tillman Hodgson To: freebsd-questions@freebsd.org Message-ID: <20050505173111.GR91867@seekingfire.com> References: <20050505154510.38AC516A4FE@hub.freebsd.org> <20050505171131.40764.qmail@web50401.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050505171131.40764.qmail@web50401.mail.yahoo.com> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . X-GPG-Key-ID: 828AFC7B X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68 F543 0F0A 7FBC 828A FC7B X-GPG-Key: http://www.seekingfire.com/personal/gpg_key.asc X-Urban-Legend: There is lots of hidden information in headers X-Tillman-rules: yes he does X-No-prize-winner: Nathanael User-Agent: Mutt/1.5.9i Subject: Re: Kerberos 5 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 17:31:16 -0000 On Thu, May 05, 2005 at 10:11:30AM -0700, Damian Sobieralski wrote: > Followup up: > > If AFTER I log in, I issue > kinit and type my password in. Now when I > do a klist I get ticket information. Shouldn't the pam module do this > aotomatically (call kinit)? PAM does not map well to Kerberos, unfortunately. Generally speaking you want to avoid PAM with Kerberos if you can possibly use native Kerberos :-) I haven't used pam_krb5 in a long time, but perhaps I can help debug things. Can you post your PAM configure for however it is that you're logging in? (SSH, local console, kerberos telnet, etc). The ccache= option to the PAM module looks applicable, for example. -T -- Do not meddle in the affairs of sysadmins, for they can make your life miserable by doing nothing.