problem setting up ssh-krb5 from Debian Sarge

Wes Chow wes at
Fri Oct 29 12:31:44 EDT 2004

I'm still having the same problem...

I've copied your sshd_config:

> # To change Kerberos options
> KerberosAuthentication yes
> #KerberosOrLocalPasswd yes
> #AFSTokenPassing no
> KerberosTicketCleanup yes
> # Kerberos TGT Passing does only work with the AFS kaserver or krb5
> KerberosTgtPassing yes
> #GSSAPI authentication
> GSSAPIAuthentication yes
> GSSAPIKeyExchange yes
> GSSAPIUseSessionCredCache yes

installed libpam-krb5, set CLOSE_SESSIONS as yes, and put this in my

auth    sufficient
auth    required nullok_secure

All the keytab stuff was set up from before.  In my original email,
sent a while back, I also mentioned that I can used kerberized telnet
just fine, so the keytab stuff should be correct.  It's specifically
PAM stuff that isn't working.  This is all Debian Sarge...

But maybe I can work around the system...  the principle reason why
I'm interested in ssh is because I'd like a X to be automatically
exported.  If there's some way to do that automatically with
Kerberized rsh or telnet, then I'd be happy with that too.  The only
reason why I'm fiddling with PAM is to get the automatic X with ssh.
We rarely log into these machines through the console, and if then,
only as root.

I guess my question is what's the recommended way to export X
automatically through a remote login with the fewest security


--          OpenPGP key = 0xA5CA6644
fingerprint = FDE5 21D8 9D8B 386F 128F  DF52 3F52 D582 A5CA 6644

More information about the Kerberos mailing list