FYI: Kerberos on RHEL5
Edgecombe, Jason
jwedgeco at uncc.edu
Fri Apr 6 14:02:32 EDT 2007
Hi Everyone,
This is a heads-up for anyone using kerberos on RedHat Enterprise Linux
5.
I just solved a problem that's been a royal pain for me.
I had console and gdm logins working fine for RHEL5 and I got kerberos
single-signon working for ssh, but I had trouble getting password
authenticaio working. It would accept my kerberos password, but I would
have any tickets or tokens.
To solve my problem, I had to enable the use_shmem option in
/etc/krb5.conf. for use with sshd.
Here is the appdefaults section of my /etc/krb5.conf:
[appdefaults]
pam = {
afs_cells = mycell.com
ccache_dir = /tmp
forwardable = true
tokens = sshd
external = sshd
use_shmem = sshd
}
This was extremely irritating because my previous config files work on
RHEL5 beta2.
I can now login using kerberos credentials on console or ssh.
There are some quirks. sshd take about 5-10 seconds to login, it seems
to pause just after the "opening session" debug message in the secure
log. It also grabs a kerberos 4 ticket and gets tokens, but it doesn't
have a ticket for the afs service principal in the ticket cache.
Anyways, my stuff works now and I'm happy for the moment. I just wanted
to document this to save others the pain.
Sincerely,
Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514
More information about the Kerberos
mailing list