SSH and Kerberos in Solaris 9

Douglas E. Engert deengert at anl.gov
Wed Oct 26 15:37:48 EDT 2005


What is the rest of the environment? Is this all SEAM? Are your
KDCs MIT, Heimdal or Windows ADs?

We use the MIT Kerberos code on Solaris 9, but on Solaris 10
we have been able to use the Solaris Kerberos support.

What version of SSH are you using?

henrik wrote:

>     Hello
> I have kerberos working on a Solaris 9 box in the sense that if I type:
> 
>    kinit henrik
> 
> the system authenticates the password without error. I need to get ssh
> to accept the kerberos authentication. In Linux it was easy to do, but
> I am having trouble configuring the Solaris /etc/pam.conf file to make
> this work. Uncommenting this section:
> 
> #
> # Support for Kerberos V5 authentication (uncomment to use Kerberos)
> #
> rlogin		auth optional		pam_krb5.so.1 try_first_pass
> login		auth optional		pam_krb5.so.1 try_first_pass
> other		auth optional		pam_krb5.so.1 try_first_pass
> cron		account optional 	pam_krb5.so.1
> other		account optional 	pam_krb5.so.1
> other		session optional 	pam_krb5.so.1
> other		password optional 	pam_krb5.so.1 try_first_pass
> 
> does not make ssh accept kerberos passwords for ssh logins. As a test I
> enabled telnet and with telnet things fail as well:
> 
> login: henrik
> Password:
> Enter Kerberos password for henrik:
> authentication failed:  Unknown code 2
> 
> On the login prompt the kerberos password is accepted, but then it
> requests it again and the same password fails. I really am not
> interested in getting telnet to work, it was just for diagnosis I tried
> it.
> 
> Any help would be appreciated.
>   
>     - Henrik
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

