LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-12-2005, 12:52 AM   #1
dbalsige
LQ Newbie
 
Registered: Mar 2005
Location: Switzerland
Distribution: LinuxFromScratch
Posts: 5

Rep: Reputation: 0
passwordless OpenSSH with MIT-Kerberos and PAM


Hi

I have a little question and I hope you can help me ...

What Ive got working:
mit-krb5 with pam_krb5 works fine (so I get the tgt at login time)
I can login through pam_krb5 OR pam_unix and I get a tgt if it is pam_krb5 that succeeds
ketabs are setup properly .. I tested it with mit's sserver and sclient.
I added host principals too (for working with OpenSSH)
so far so good..

the goal:
The connect to other hosts via OpenSSH should
a) be passwordless if I have already a tgt and it should forward the tgt
b) ask for the kerberos passwd if I havent yet a tgt
c) ask for a password for normal unix accounts if user principal doesnt exist in kdc
d) use my PAM configuration

I already achieved b) c) and d)
the only thing to do was to set
UsePAM yes
in /etc/ssh/sshd_config
and a somewhat tricky PAM configuration

the problem: a)
passwordless logins dont work , neither forwarding tgt's..
I tried to set
KerberosAuthentication yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCreds yes
in /etc/ssh/sshd_config
but that didnt help..

BTW when uncommenting UsePAM yes
it didnt work either .. but the tgt forwarding seems to work ...
that was only a simple test since I can forget point d) of my requirements

Any hints ?
 
Old 11-12-2009, 12:12 PM   #2
egberts
LQ Newbie
 
Registered: Nov 2009
Posts: 1

Rep: Reputation: 0
You may want to check with the following items:

1. how OpenSSH is compiled with PAM?
ldd /usr/sbin/sshd
Are there any pam modules there?

2. Do you have the correct sshd_config settings?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
suse9.1client W2k ADS kerberos and pam fatcake Linux - Networking 1 06-09-2005 01:27 AM
Active Directory, Kerberos, LDAP, PAM, and nsswitch PenguinPwrdBox Linux - Security 1 06-04-2005 09:56 PM
PAM/Kerberos authentication problem hmartin216 Linux - Security 2 03-11-2005 09:28 PM
Kerberos and PAM jimrt Linux - General 2 09-26-2003 06:50 PM
OpenSSH and PAM Authentication RyanP Linux - General 4 02-17-2001 12:08 PM


All times are GMT -5. The time now is 12:55 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration