Date: Sun, 13 Mar 2005 17:30:09 -0000 (GMT) From: martinmcc@orbweavers.co.uk To: freebsd-questions@freebsd.org Subject: Re: kerberos problems Message-ID: <3089.192.168.16.79.1110735009.squirrel@www.orbweavers.co.uk> In-Reply-To: <20050313155855.GD60575@seekingfire.com> References: <000801c527c9$8d9e03a0$0366a8c0@d><2986.192.168.16.79.1110728326.squirrel@www.orbweavers.co.uk> <20050313155855.GD60575@seekingfire.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sun, Mar 13, 2005 at 03:38:46PM -0000, martinmcc@orbweavers.co.uk > wrote: >> I followed the handbook guide to setting it up, and it all seems to >> be >> working ok. I have now setup telnetd as described to test how it is >> working. If I have done a kinit previously, it will log in no problem, >> but if I do not do a kinit (or do a kdestroy before hand) I get - >> >> kerberos V5: mk_req (No Such File or direcotry). >> >> Any ideas? > > That sounds like it's working normally. Without a valid ticket (as shown > by `klist`), which is cached in a file, services like telent which use > Kerberos won't authenticate you. > > If I'm misunderstanding the problem you're describing, please add some > more detail as to what you expected to have happen and how reality > differed :-) > Yeah, it could well be the way it is supposed to work. Basically I want to end up with a centralised login system for my network (i.e. no need to create usernames on each client). I am planning to use ldap for this, and as I understand it ldap can use kerberos for the authentication aspect. So I am atm trying to make sure I have a good understanding of the kerberos system and have it up and running before I tackle the next part. what I was assuming would happen when I try to telnet in without a ticket (i.e. with running kinit) was that I would get asked for a username/password, and then I would get issued a ticket, rather than manually having to kinit first. How would this affect using pam to authenticate i.e. if I want to use pam_krb to login to the console, I would not be able to run kinit before hand? [Apologies for sending this to you twice tillman , need to be more careful with the reply to button :)] Cheers, Martin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3089.192.168.16.79.1110735009.squirrel>