Date: Wed, 25 Jan 2017 07:25:52 +0000 From: "C. L. Martinez" <carlopmart@gmail.com> To: freebsd-questions@freebsd.org Subject: SSH with kerberos auth doesn't provide a ticket Message-ID: <20170125072552.wrcbygdm6rbxtkhy@stonehaven.uxdom.org>
next in thread | raw e-mail | index | archive | help
Hi all, I have a strange problem with ssh when kerberos auth is used. We have three kerberos servers based on MIT kerberos. I have configured a FreeBSD 11-RELEASE virtual guest to authenticate against these kerberos servers. Auth works ok, but ssh doesn't request a kerberos ticket (I am connecting from a Windows 10 workstation with putty): cokk@bsdext01:~ % klist klist: No credentials cache found (filename: /tmp/krb5cc_1000) clopez@bsdext01:~ % I have enabled th following options in sshd_config: # Kerberos options KerberosAuthentication yes #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes # Set this to 'no' to disable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. UsePAM yes It is strange because this "problem" only appears with FreeBSD, all others linux doesn't have this problem. What am I doing wrong? Thanks -- Greetings, C. L. Martinez
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170125072552.wrcbygdm6rbxtkhy>