Thanks in advance,
Anthony,
On 2 Jun 2004, at 01:17, Darren Tucker wrote:
Anthony Ramm wrote:I have been trying to get the PAM Krb5 module to work for the past few days and was wondering if it would be possible for someone to point me in the right direction regarding some problems I am having. I'm using a gentoo system with MIT Kerberos5 v1.3.3, PAM v0.77 and PAM_krb5 version 2.1.0. When I ssh into the box I can login, but whilst I get a TGT allocated (I can see it being allocated on the KDC)
Assuming you're using OpenSSH: http://bugzilla.mindrot.org/show_bug.cgi?id=688
Possible solutions:
* Compile sshd to use threads. This is the best known solution right now, but opens a whole can of thread-safety worms.
* There's a patch attached to the bug that creates the credential cache before sshd's authentication "thread" (a process, actually) exits.
* Current development versions can also do Password authentication via PAM (via a "blind" conversation function) in addition to ChallengeResponse. This happens in the immediate ancestor of the shell, so the info stashed by the module (presumably with pam_set_data()?) during authentication doesn't get lost.
> Also, I'm asked for the password three times, where I > can enter nonsense, before it prompts me for root@host password.
This is described (briefly) in the sshd_config man page description of UsePAM and the comments in sshd_config. Basically, if you want to authenticate via PAM, set "PasswordAuthentication no" in sshd_config
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
