problem setting up ssh-krb5 from Debian Sarge
Wes Chow
wes at woahnelly.net
Sat Oct 30 01:17:20 EDT 2004
> Well, check your /etc/hosts file. I believe that Debian puts the
> hostname on the 127.0.0.1 line. This is not good.
Yeah I saw other postings about that, so I fixed it...
> You have libpam-openafs-session installed. Are you using it as a
> session module also?
> session required pam_openafs_session.so
I tried putting that line in /etc/pam.d/common-session and now I'm
getting this in auth.log:
Oct 30 01:09:18 jack sshd[529]: Authorized to wchow, krb5 principal wchow at D2702.ATHENACR.COM (krb5_kuserok)
Oct 30 01:09:18 jack sshd[529]: pam_openafs-krb5: open_session: Could not find Kerberos tickets; not running aklog
Oct 30 01:09:18 jack sshd[529]: (pam_unix) session opened for user wchow by (uid=0)
Oct 30 01:09:18 jack sshd[529]: Accepted gssapi for wchow from 192.168.0.16 port 33003 ssh2
> Please show output from klist -f:
From the client:
wchow at hippo:~$ klist -f
Ticket cache: FILE:/tmp/krb5cc_p18325
Default principal: wchow at D2702.ATHENACR.COM
Valid starting     Expires            Service principal
10/30/04 01:03:26  10/30/04 11:03:25  krbtgt/D2702.ATHENACR.COM at D2702.ATHENACR.COM
        Flags: FPI
10/30/04 01:03:28  10/30/04 11:03:25  afs/d2702.athenacr.com at D2702.ATHENACR.COM
        Flags: FPT
10/30/04 01:03:32  10/30/04 11:03:25  host/jack.dev.in.athenacr.com at D2702.ATHENACR.COM
        Flags: FPT
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
From the remote host after sshing in:
wchow at jack:~$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1000_snx537
Default principal: wchow at D2702.ATHENACR.COM
Valid starting     Expires            Service principal
10/30/04 01:13:42  10/30/04 11:03:25  krbtgt/D2702.ATHENACR.COM at D2702.ATHENACR.COM
        Flags: FfPT
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
No AFS tokens acquired :(
Thanks,
Wes
--
http://www.woahnelly.net/~wes/ OpenPGP key = 0xA5CA6644
fingerprint = FDE5 21D8 9D8B 386F 128F DF52 3F52 D582 A5CA 6644