problem setting up ssh-krb5 from Debian Sarge
Wes Chow
wes at woahnelly.net
Fri Oct 29 12:31:44 EDT 2004
I'm still having the same problem...
I've copied your sshd_config:
> # To change Kerberos options
> KerberosAuthentication yes
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> KerberosTicketCleanup yes
>
> # Kerberos TGT Passing does only work with the AFS kaserver or krb5
> KerberosTgtPassing yes
>
> #GSSAPI authentication
> GSSAPIAuthentication yes
> GSSAPIKeyExchange yes
> GSSAPIUseSessionCredCache yes
installed libpam-krb5, set CLOSE_SESSIONS as yes, and put this in my
common-auth:
auth sufficient pam_krb5.so
auth required pam_unix.so nullok_secure
All the keytab stuff was set up from before. In my original email,
sent a while back, I also mentioned that I can used kerberized telnet
just fine, so the keytab stuff should be correct. It's specifically
PAM stuff that isn't working. This is all Debian Sarge...
But maybe I can work around the system... the principle reason why
I'm interested in ssh is because I'd like a X to be automatically
exported. If there's some way to do that automatically with
Kerberized rsh or telnet, then I'd be happy with that too. The only
reason why I'm fiddling with PAM is to get the automatic X with ssh.
We rarely log into these machines through the console, and if then,
only as root.
I guess my question is what's the recommended way to export X
automatically through a remote login with the fewest security
implications?
Thanks,
Wes
--
http://www.woahnelly.net/~wes/ OpenPGP key = 0xA5CA6644
fingerprint = FDE5 21D8 9D8B 386F 128F DF52 3F52 D582 A5CA 6644
More information about the Kerberos
mailing list