SSH and Kerberos in Solaris 9
Douglas E. Engert
deengert at anl.gov
Wed Oct 26 15:37:48 EDT 2005
What is the rest of the environment? Is this all SEAM? Are your
KDCs MIT, Heimdal or Windows ADs?
We use the MIT code Kerberos code on Solaris 9, but on Solaris 10
we have been able to use the SOlaris Kerberos support.
What version of SSH are you using?
henrik wrote:
> Hello
> I have kerberos working on a Solaris 9 box in the sense that if I type:
>
> kinit henrik
>
> the system authenticates the password without error. I need to get ssh
> to accept the kerberos authentication. In Linux it was easy to do, but
> I am having trouble configuring the Solaris /etc/pam.conf file to make
> this work. Uncommenting this section:
>
> #
> # Support for Kerberos V5 authentication (uncomment to use Kerberos)
> #
> rlogin auth optional pam_krb5.so.1 try_first_pass
> login auth optional pam_krb5.so.1 try_first_pass
> other auth optional pam_krb5.so.1 try_first_pass
> cron account optional pam_krb5.so.1
> other account optional pam_krb5.so.1
> other session optional pam_krb5.so.1
> other password optional pam_krb5.so.1 try_first_pass
>
> does not make ssh accept kerberos passwords for ssh logins. As a test I
> enabled telnet and with telnet things fail as well:
>
> login: henrik
> Password:
> Enter Kerberos password for henrik:
> authentication failed: Unknown code 2
>
> On the login prompt the kerberos password is accepted, but then it
> requests it again and the same password fails. I really am not
> interested in getting telnet to work, it was just for diagnosis I tried
> it.
>
> Any help would be appreciated.
>
> - Henrik
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list