SSH, Solaris 8 Kerberos Client and Windows 2000 KDC
Candice Quates
candice at sect232.org
Mon Sep 9 19:56:02 EDT 2002
In article <00fc01c24da2$ff3be030$ad978dca at sharayu>,
Parag Godkar <paragg at konark.ncst.ernet.in> wrote:
><snipped>
>However, when people ssh to solaris 8 servers - following
>symptoms are observed -
>
>1. People can ssh once and login. But another ssh session is
> denied.
>
>2. Running the "klist" command in the logged in session
> of ssh gives the following error -
>
> klist: Credentials cache file permissions incorrect
> while setting cache flags (ticket cache /tmp/krb5cc_1003)
>
> I checked the permissions in /tmp and observed that the
> cache is owned by "root" instead of the logged in person.
>
>3. After the person logs out, he is denied login access unless
> I manually delete his cached credentials from /tmp.
>
>What is notable is that "telnet" to solaris 8 servers works
>just fine and has no such problems.
>
>I saw that there was some discussion on this topic in the
>mailing list archives but no definite solution.
>
>Is this a problem with ssh server on Solaris 8 or a problem
>with kerberos on Solaris 8 or what is it?

Okay, I'm going to go out on a limb here and hope that
you are running OpenSSH on Solaris 8. This sounds exactly
like the problem that I had when authenticating SSH with PAM.

Jason Heiss posted a solution in this group on the thread
"kerberos, ssh, and solaris8" in May; the short version is that
OpenSSH makes a call to a broken mechanism in PAM, causing
the credential-writing process to fail midway through login.

Candice
--
candice at sect232.org
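
Added example, not part of the original messages: a POSIX shell check for the symptom reported above, a credential cache named krb5cc_<uid> whose file owner is a different UID (as with the root-owned /tmp/krb5cc_1003). The function name check_ccaches and its output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: list Kerberos credential caches whose owner does not match
# the UID encoded in the file name (krb5cc_<uid>).
#
# check_ccaches DIR   (DIR defaults to /tmp)
#   prints one line per mismatched cache:
#     <path> expected_uid=<n> owner_uid=<m> mode=<permission string>
#   returns 1 if at least one mismatch was found, 0 otherwise.
check_ccaches() {
    dir=${1:-/tmp}
    bad=0
    for f in "$dir"/krb5cc_*; do
        # Skip an unmatched glob and anything that is not a regular file.
        [ -f "$f" ] || continue
        name=${f##*/}
        want=${name#krb5cc_}
        # Only the plain krb5cc_<uid> form is checked; other suffixes are skipped.
        case $want in
            ''|*[!0-9]*) continue ;;
        esac
        # ls -ln prints the mode string in field 1 and the numeric owner in field 3.
        set -- $(ls -ln "$f")
        mode=$1
        owner=$3
        if [ "$owner" != "$want" ]; then
            echo "$f expected_uid=$want owner_uid=$owner mode=$mode"
            bad=1
        fi
    done
    return $bad
}

# Usage: check_ccaches /tmp
```

A cache reported here is one that the named user cannot use, which matches the klist error and the refused second login in the quoted message.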