I am having trouble with this working, Is anyone on this list have any experience with it? The pam module that ships with Solaris 8 does the right thing and on the console I can get a login and a working tgt placed in the correct file in /tmp. (btw : using mit krb5-1.2.3/Solaris 8/Openssh 3.0.2p1) Now i have tried just openssh and openssh patched with the gss-api/krb5 patches. For just plain ssh i get logged in and then it kicks me out: Feb 20 12:10:46 tomax sshd[798]: [ID 705685 auth.debug] PAM-KRB5: pam_sm_authenticate Feb 20 12:10:46 tomax sshd[798]: [ID 729219 auth.debug] PAM-KRB5: pam_sm_auth prompting for password Feb 20 12:10:46 tomax sshd[798]: [ID 257133 auth.error] PAM-KRB5: no warning possible Feb 20 12:10:46 tomax sshd[798]: [ID 800047 auth.info] Accepted password for derek from 128.8.128.206 port 49183 ssh2 Feb 20 12:10:46 tomax sshd[798]: [ID 390226 auth.error] PAM-KRB5:Could not obtain principal name Feb 20 12:10:46 tomax sshd[798]: [ID 833576 auth.debug] pam_setcred: error Permission denied Feb 20 12:10:46 tomax sshd[798]: [ID 174864 auth.debug] PAM-KRB5: krb5_cleanup pam_sm_auth_status(0) For the patched version i get logged in but no credendials are stored: Feb 20 12:10:17 tomax sshd[775]: [ID 800047 auth.info] Accepted password for derek from 128.8.128.206 port 49182 ssh2 Feb 20 12:10:17 tomax sshd[777]: [ID 800047 auth.info] ssh_gssapi_do_child: Unknown mechanism pam.conf looks like : login auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass debug login auth required /usr/lib/security/$ISA/pam_unix.so.1 login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass debug sshd auth required /usr/lib/security/$ISA/pam_unix.so.1 which should be the same... but it works on the console.. Anyone have any pointers? -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff derek@cs.umd.edu
