Pam kerberos vs. Kinit
Luis Daniel Lucio Quiroz
dlucio at okay.com.mx
Fri Mar 18 10:09:40 EST 2005
The problem I see on uskng pam krb is that ticket is on server not on
workstation. Maybe you could use flag addressless to fix this issue. but I
am not sure.
LD
Le Vendredi 18 Mars 2005 07:10, Wyllys Ingersoll a écrit :
> Douglas E. Engert wrote:
> > > I've just run another test and discovered that I can successfully
> > > log into the host initially (via PAM kerberos library and SSH), and
> > > I don't get error 52. I've got a ticket in my cache and
> > > everything. Kerb error 52 only occurs if I'm using kinit from the
> > > shell.
> >
> > You could be right on the cut over point, and maybe addressless vs
> > with address tickets keep the ticket just small enough.
>
> When the client does not do pre-authentication, does AD still
> send PAC data? I thought it did not, but I'm not certain.
>
> -Wyllys
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list