On Wed, Feb 13, 2002 at 02:50:46PM -0800, sara sodagar wrote:
> Hi
> I am using RH7.1. I want to set up a Kerberos 5 client with
> Kerberos-enabled OPENSSH.
> I have installed the following rpms:
> openssh-2.9p2-11.7
> openssh-client-2.9p2-11.7
> openssh-server-2.9p2-11.7
> pam-0.74-22
> pam-krb5-1.31-1
> pam-devel-0.74-22
> krb5-devel-1.2.2-12
> krb5-libs-1.2.2-12
> krb5-workstation-1.2.2.12
> I have attached my /etc/pam.d/sshd and /etc/pam.d/system-auth.
> I run kinit and then want to ssh to another kerberized machine
> without a password, but it prompts me for a password.

You're using the wrong tools for the job. pam_krb5 does NOT provide
passwordless access to remote Kerberized servers; it only verifies
provided passwords against a KDC by requesting a TGT on the user's behalf.

If you want passwordless, Kerberized SSH, you should look at Simon
Wilkinson's external-keyx patches to OpenSSH. There are several different
Kerberos options for SSH, but I understand this one is considered the
cleanest. You will have to change both your ssh client and your ssh server
(as Kerberos must be supported on both sides).

Steve Langasek
postmodern programmer