OpenSSH 3.1p1 w/patches + MIT KRB5 + PAM

Derek Yarnell derek at cs.umd.edu
Thu Apr 11 14:32:11 EDT 2002


I am trying to replace the need to have a stored crypt on the
local machine through the use of Krb5. However I am having some
problems with ssh and krb5. This is on Solaris 8.

OK, I have patched OpenSSH 3.1p1 with the GSSAPI patches and
rebuilt with --with-pam --sysconfdir=/etc/ssh --kerberos5=/opt/krb5

I also have a working krb5 distribution that I can log in to the
console with, using the PAM lines:

login   auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1

The login succeeds and I get my credentials correctly. However
I do get a line like this:

Apr 11 14:12:38 xamot login: [ID 257133 auth.error] PAM-KRB5: no warning possible

But when I use the same line for ssh w/ the other keyword, e.g.:

other   auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass debug
other   auth required   /usr/lib/security/$ISA/pam_unix.so.1

But when I ssh, it looks like I get logged in, but then it
kicks me right out. But the krb5kdc logs don't show any
sort of authentication.

# /opt/openssh-3.1p1-patched/bin/ssh derek at tomax
derek at tomax's password:
Last login: Thu Apr 11 14:24:15 2002 from xamot.cs.umd.ed
debug1: PAM establishing creds
Connection to tomax closed.

In the debug log I get this:

Apr 11 14:28:22 tomax.cs.umd.edu sshd[28308]: [ID 390226 user.error] PAM-KRB5:Could not obtain principal name
Apr 11 14:28:22 tomax.cs.umd.edu sshd[28308]: [ID 833576 user.debug] pam_setcred: error Permission denied

Why does this work for login but not for ssh? I can post my
sshd -d logs, but there is not much I can see going on there.

Thanks for the help.



