Can't get ssh over k5/afs working well
Sensei
noone at nowhere.org
Fri Aug 13 09:18:27 EDT 2004
Hi.
I have a mixed linux lab. A server based on debian (ssh 3.4p1) and
clients based on gentoo (ssh version 3.8p1). My infrastructure is based
on mit kerberos 5 and openafs. All I'd like to do is to make ssh
sessions passwordless, based on the tickets. On both systems I use pam
authentication via libpam-krb5 and gain the token via
libpam-openafs-session && aklog (the debian packages). The pam_krb5.so
module has flags ``use_first_pass forwardable''.
Now, how do I enable passwordless ssh GAINING the correct tickets and
tokens? Those are my settings:
=== ssh 3.8p1 sshd_config excerpt:
KerberosAuthentication yes
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
=== ssh 3.8p1 ssh_config excerpt:
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
=== ssh 3.4p1 sshd_config excerpt:
KerberosAuthentication yes
KerberosTicketCleanup yes
KerberosTgtPassing yes
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPIUseSessionCredCache yes
=== ssh 3.4p1 ssh_config excerpt:
KerberosAuthentication yes
KerberosTGTPassing yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
--
Sensei <mailto:senseiwa at tin.it>
<icqnum:241572242>
<msn-id:Sensei_Sen at hotmail.com>
Error: Keyboard not found. Press F1 to continue...
More information about the Kerberos
mailing list