Kerberos Auth with SSH Difficulty
Good day Linux friends!!
I have an issue, where I need to have a user log in to a RHEL 6.5 server, using SSH with Kerberos against a Server 2008 domain controller.
I have searched online and followed a number of How To's on this, but nothing is working.. I MUST have missed something.
I have created a user account in AD (HTTP/servername.domain.local), and I can kinit against it. I can klist and see that I have a ticket, and it expires within ten minutes. However, I cannot get SSH to authenticate using kerberos at all.
I've modified the /etc/ssh/sshd_config to ensure it uses Kerberos Authentication.
When I attempt to log in, /var/log/secure shows:
sshd[494]: pam_unix(sshd:auth): check pass; user unknown
sshd[494]: pam_succeed_if(sshd:auth): error retrieving information about user myusername
When I log in to a server that already has Kerberos configured at an application level, I can see:
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mypc.domain.local user=myusername
pam_krb5[16353]: error reading keytab 'FILE:/etc/krb5.keytab'
pam_krb5[16353]: authentication succeeds for 'myusername' (myusername@DOMAIN.LOCAL)
Accepted password for myusername from 10.10.21.10 port 56615 ssh2
pam_unix(sshd:session): session opened for user myusername by (uid=0)
How do I get pam_krb5 to be used for the non-working server... Anyone?
Thank you very much for your time and assistance,
Xen.
|