The other systems are OpenSSH but may be a little older... The problem you speak of, Does it allow access just not create the ticket cache? You can get into the system and after you are in, can manually run kinit and get your TGT and the system creates the ticket cache as it should... I know one difference in the builds is that the new build of SSH has tcpwrapper support and the old does not.. One of the reasons for the update... is to build in a little more protection... See-ya Mitch At 12:40 PM 11/28/2001 -0600, Steve Langasek wrote: >Hi Mitch, > >On Wed, Nov 28, 2001 at 01:25:08PM -0500, Mitchell Baker wrote: > > Background: > > > Solaris 8 system which has had Titan run on it. Using the pam-krb5 > > module from Sourceforge. Will authenticate but will not create ticket > > cache.. Get this following error in the logs: > > > Nov 27 16:46:51 SYSTEM sshd[644]: [ID 551190 auth.debug] pam_krb5: > > pam_sm_authenticate(sshd USERNAME): entry: > > Nov 27 16:46:51 SYSTEM sshd[644]: [ID 551190 auth.debug] pam_krb5: > > pam_sm_authenticate(sshd USERNAME): exit: success > > Nov 27 16:46:51 SYSTEM sshd[644]: [ID 800047 auth.debug] debug1: PAM > > Password authentication accepted for user "USERNAME" > > > Any ideas? This is working on other system we have. The main diff is > > Titan was not run on them... > >Hmm, are you using the same ssh server (vendor & version) on both >machines? I have personally had no problems using password >authentication with pam_krb5 in OpenSSH, although there's a known issue >where OpenSSH compiled with PAM support will not allow RSA >authentication when configured to use this pam_krb5 module, because >OpenSSH incorrectly treats an error code from pam_setcred() as fatal >when it should not be. > >Regards, >Steve Langasek >postmodern programmer /####################################################################/ /# Mitchell "Buzz" Baker "To Infinity And Beyond..." #/ /# Sr. Systems Admin Rose-Hulman Institute of Technology #/ /# Mitchell.D.Baker@rose-hulman.edu www.rose-hulman.edu #/ /# For PGP Public key, check out www.keyserver.net #/ /####################################################################/
