sshd and Kerberos



Hello.

I setup NIS, Kerberos and Kerberized NFS (v3) server.
All the required daemons are running.

/usr/home is exported from the server with sec=krb5i

And there is a client machine. I uncommented these two lines in
/etc/pam.d/system and sshd:
auth sufficient pam_krb5.so no_warn try_first_pass
password sufficient pam_krb5.so no_warn try_first_pass

Now, if I do a local login to the client (on the text console)
everything works fine, I get the Kerberos tickets and have access to
mounted /usr/home

But if I ssh into the client from server I do log in, but I don't get
any ticket and access to /usr/home is denied.

How to make sshd pam module create Kerberos tickets on login?
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: Kerberos with Windows Integrated authentication
    ... behaviour if your Web server is in the client broweser's Internet zone. ... referencing it by computer name rather than FQDN), the browser will request ... Obviously, if you want to use Kerberos for authentication, you will either ...
    (microsoft.public.windows.server.security)
  • Re: Kerberised NFS
    ... Kerberised NFS presumably requires authentication and encryption between client and server, so presumably the client needs to get a ticket prior to contacting the server. ... server with kerberos security options, and successfully automounting user's home directories on client machines when they log in. ...
    (comp.protocols.kerberos)
  • Re: Kerberos authentication fails
    ... we had have kerberos log activated yesterday while we test the ... Client Server Name: ... * System Event logs in GPRSServer03 ... Server domain: DISTROMEL.GPRS ...
    (microsoft.public.sqlserver)
  • Re: Kerberos authentication fails
    ... we had have kerberos log activated yesterday while we test the ... Client Server Name: ... * System Event logs in GPRSServer03 ... Server domain: DISTROMEL.GPRS ...
    (microsoft.public.win2000.security)
  • Re: Server not found in Kerberos Database
    ... Server not found in Kerberos Database ... When I am trying to do a kinit on the client, ... I have a KDC on Win2003 and a client which is a Linux is trying = ...
    (comp.protocols.kerberos)