Openssh and Kerberos

Suchun Wu suchun18 at rogers.com
Mon Mar 25 20:58:25 EST 2002


Thanks for your response. I'm using the MIT Kerberos5 (newest version) pam_krb5 module. I got the concurrent log problem solved by using the switch in /etc/pam/conf as follows:
sshd auth required /usr/lib/security/$ISA/pam_unix.so.1    acceptor

I can now log in as many times as I like. It creates a credential cache by tagging a (0). I'm not sure if it's OK or not for ticket forwarding.

The problem still remains: I cannot change my password at the KDC by using kpasswd. It dumped core. Any help would be appreciated.

Suchun

---------------------
Suchun.Wu at bmo.com wrote:
: I just compiled SSH v3.1.0p1 with the GSSAPI and openssh patches included
: on a Solaris 8 box. It works fine, well I get my password authenticated by
: the KDC on a W2K box. But I have remarked that my credential cache in /tmp
: directory is owned by the root. Is it correct?

Errm. No. The credentials cache should be owned by you. I take it from your
description that you are authenticating by password to the SSH server.

Are you using PAM on Solaris? Is it possible that the Kerberos authentication
is being done by the pam_krb5 module?

Are you using MIT Kerberos or Heimdal? As far as I'm aware, the patches
for 3.1p1 and MIT Kerberos won't write out any credentials cache when you
authenticate by password. This is a bug which I'm investigating, but doesn't
explain your problem.

Cheers,

Simon.
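
The ownership question raised in this thread can be checked mechanically. The following is an added example, not part of the original messages or of either poster's code; it assumes file-based caches named krb5cc_<uid> with an optional suffix, and the files in the demo are constructed.

```python
import os
import re
import stat
import tempfile

# Assumed naming convention: krb5cc_<uid>, optionally followed by _<suffix>.
CCACHE_RE = re.compile(r"^krb5cc_(\d+)(?:_.*)?$")

def audit_ccaches(directory="/tmp"):
    """Return (path, problem) pairs for credential caches that look wrong."""
    findings = []
    for name in sorted(os.listdir(directory)):
        match = CCACHE_RE.match(name)
        if not match:
            continue
        path = os.path.join(directory, name)
        st = os.lstat(path)  # lstat so a symlink is inspected, not followed
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        expected_uid = int(match.group(1))
        if st.st_uid != expected_uid:
            # The case from the thread: cache for a user, owned by someone else.
            findings.append(
                (path, f"owned by uid {st.st_uid}, name says uid {expected_uid}"))
        if st.st_mode & 0o077:
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, f"mode {mode:04o} grants group/other access"))
    return findings

if __name__ == "__main__":
    # Constructed sample directory standing in for /tmp.
    with tempfile.TemporaryDirectory() as tmp:
        me = os.getuid()
        for name, mode in ((f"krb5cc_{me}", 0o600),        # correct
                           (f"krb5cc_{me + 1}", 0o600),    # owner mismatch
                           (f"krb5cc_{me}_open", 0o644)):  # too permissive
            path = os.path.join(tmp, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for path, problem in audit_ccaches(tmp):
            print(f"{path}: {problem}")
```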
