Can't get ssh over k5/afs working well

Sensei noone at nowhere.org
Fri Aug 13 09:18:27 EDT 2004


Hi.

I have a mixed linux lab. A server based on debian (ssh 3.4p1) and 
clients based on gentoo (ssh version 3.8p1). My infrastructure is based 
on mit kerberos 5 and openafs. All I'd like to do is to make ssh 
sessions passwordless, based on the tickets. On both systems I use pam 
authentication via libpam-krb5 and gain the token via 
libpam-openafs-session && aklog (the debian packages). The pam_krb5.so 
module has flags ``use_first_pass forwardable''.

Now, how do I enable passwordless ssh GAINING the correct tickets and 
tokens? Those are my settings:

=== ssh 3.8p1 sshd_config excerpt:

KerberosAuthentication yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

=== ssh 3.8p1 ssh_config excerpt:

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

=== ssh 3.4p1 sshd_config excerpt:

KerberosAuthentication yes
KerberosTicketCleanup yes
KerberosTgtPassing yes
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPIUseSessionCredCache yes

=== ssh 3.4p1 ssh_config excerpt:

KerberosAuthentication yes
KerberosTGTPassing yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
-- 
Sensei    <mailto:senseiwa at tin.it>
           <icqnum:241572242>
           <msn-id:Sensei_Sen at hotmail.com>
Error: Keyboard not found. Press F1 to continue...


More information about the Kerberos mailing list