Good day Linux friends!!

I have an issue, where I need to have a user log in to a RHEL 6.5 server, using SSH with Kerberos against a Server 2008 domain controller.

I have searched online and followed a number of How To's on this, but nothing is working.. I MUST have missed something.

I have created a user account in AD (HTTP/servername.domain.local), and I can kinit against it. I can klist and see that I have a ticket, and it expires within ten minutes. However, I cannot get SSH to authenticate using kerberos at all.

I've modified the /etc/ssh/sshd_config to ensure it uses Kerberos Authentication.

When I attempt to log in, /var/log/secure shows:
sshd[494]: pam_unix(sshd:auth): check pass; user unknown
sshd[494]: pam_succeed_if(sshd:auth): error retrieving information about user myusername

When I log in to a server that already has Kerberos configured at an application level, I can see:

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mypc.domain.local user=myusername
pam_krb5[16353]: error reading keytab 'FILE:/etc/krb5.keytab'
pam_krb5[16353]: authentication succeeds for 'myusername' (myusername@DOMAIN.LOCAL)
Accepted password for myusername from 10.10.21.10 port 56615 ssh2
pam_unix(sshd:session): session opened for user myusername by (uid=0)

How do I get pam_krb5 to be used for the non-working server... Anyone?

Thank you very much for your time and assistance,

Xen.

Hi,

Turns out, the information I provided is incorrect. Sorry.

I can authenticate, and it does work ONLY if I have a local account created. I'd like to change to subject now... How can I have RHEL 6.5 create local account once I've authenticated, so that I can then log in? I've looked at oddjob, but I believe that just creates the home directory, which is also working.

Thank you for your patience and assistance!

Xen.