Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I have a little question and I hope you can help me ...
What Ive got working:
mit-krb5 with pam_krb5 works fine (so I get the tgt at login time)
I can login through pam_krb5 OR pam_unix and I get a tgt if it is pam_krb5 that succeeds
ketabs are setup properly .. I tested it with mit's sserver and sclient.
I added host principals too (for working with OpenSSH)
so far so good..
The connect to other hosts via OpenSSH should
a) be passwordless if I have already a tgt and it should forward the tgt
b) ask for the kerberos passwd if I havent yet a tgt
c) ask for a password for normal unix accounts if user principal doesnt exist in kdc
d) use my PAM configuration
I already achieved b) c) and d)
the only thing to do was to set
and a somewhat tricky PAM configuration
the problem: a)
passwordless logins dont work , neither forwarding tgt's..
I tried to set
but that didnt help..
BTW when uncommenting UsePAM yes
it didnt work either .. but the tgt forwarding seems to work ...
that was only a simple test since I can forget point d) of my requirements