Can use kerberized telnet, but cannot use pam_krb5
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Wed Feb 1 11:33:15 EST 2006
* Douglas E. Engert <deengert at anl.gov>:
> Did you add the host account to AD?
Yes.
> Did you run the MS ktpass to set the service principal in the account,
Yes.
> set the password on the account, and generate a keytab file?
Yes.
> Did you copy the keytab file back to the Unix system?
Yes.
> See
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx
I did EXACTLY that.
Meanwhile, I'm down to this in my /etc/pam.d/openvpn-krb5 file:
auth requisite pam_krb5.so no_ccache debug
account required pam_permit.so
This works IF AND ONLY IF the account I try to login as (hildeb in my
example) exists in /etc/passwd. I log in using the Kerberos Password
(the password from /etc/passwd DOES NOT WORK), but for unknown reasons
the system insists on the existence of the local account "hildeb" :(
--
_________________________________________________
Charité - Universitätsmedizin Berlin
_________________________________________________
Ralf Hildebrandt
i.A. Geschäftsbereich Informationsmanagement
Campus Benjamin Franklin
Hindenburgdamm 30 | Berlin
Tel. +49 30 450 570155 | Fax +49 30 450 570962
Ralf.Hildebrandt at charite.de
http://www.charite.de