Date: Sun, 27 Jul 2003 17:09:14 +0100 From: Lewis Thompson <purple@lewiz.info> To: FreeBSD-questions <freebsd-questions@freebsd.org> Subject: Kerberos / sshd Message-ID: <20030727160914.GA8683@lewiz.org>
next in thread | raw e-mail | index | archive | help
--mYCpIKhGyMATD0i+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, I'm trying to get sshd to authenticate users via Kerberos. I want to do this using a forwardable ticket (I get this by doing kinit -f). I have the necessary host/fqdn@REALM and rcmd/fqdn@REALM entries in the krb5.keytab file in /etc. I have defined the following (non-standard) options in my sshd_config: RSAAuthentication no PubkeyAuthentication no PasswordAuthentication no ChallengeResponseAuthentication no KerberosAuthentication yes KerberosOrLocalPasswd no KerberosTicketCleanup yes However, when I try and log-in I am prompted with a password prompt, where my Kerberos principle password is rejected (this is correct, I think, since all ChallResponse and PassAuth are disabled). However, I notice the KerberosTgtPassing option, which looks like it does the ticket passing magic-stuff, but it applies only to AFS. Is this correct? Can I not have ticket forwarding for authentication? Thanks very much, -lewiz. --=20 Earth is a beta site. ------------------------------------------------------------------------ -| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |- --mYCpIKhGyMATD0i+ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/I/kqItq0KFQv7T8RAuNHAKDy+CduzhpjTEbOjeEEMJw/5v0ffgCfV7yz h2/54bf3Uk5SlZNm6TJGGek= =C0oW -----END PGP SIGNATURE----- --mYCpIKhGyMATD0i+--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030727160914.GA8683>