Solaris 9 latest OEM SSH + pam_krb5.so.1
Jeff Blaine
jblaine at kickflop.net
Tue Jan 9 20:17:58 EST 2007
Does anyone have a guess as to what I am doing wrong?
MIT Kerberos 1.5.1
Solaris 9 OEM SSH (latest patch cluster) with
'PAMAuthenticationViaKBDInt yes' and a pam.conf
as such (which clearly gets hit):
# Start pam.conf snippet
sshd-kbdint auth requisite pam_authtok_get.so.1
sshd-kbdint auth required pam_dhkeys.so.1
sshd-kbdint auth sufficient pam_krb5.so.1 debug try_first_pass
sshd-kbdint auth required pam_unix_auth.so.1
# End of pam.conf snippet
adm # ssh -vvv -l jblaine test.foo.com
...
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64)
Connection closed by 192.168.168.100
debug1: Calling cleanup 0x47d2c(0x0)
adm #
debug.log:
Jan 9 20:04:13 test.foo.com sshd[462]: [ID 655841 auth.debug]
PAM-KRB5 (auth): pam_sm_authenticate flags=0
Jan 9 20:04:13 test.foo.com sshd[462]: [ID 549540 auth.debug]
PAM-KRB5 (auth): attempt_krb5_auth: start: user='jblaine'
Jan 9 20:04:13 test.foo.com sshd[462]: [ID 179272 auth.debug]
PAM-KRB5 (auth): attempt_krb5_auth: krb5_get_init_creds_password
returns: SUCCESS
krb5kdc.log:
Jan 09 20:04:13 test.foo.com krb5kdc[445](info): AS_REQ (2 etypes
{3 1}) 192.168.168.100: ISSUE: authtime 1168391053, etypes {rep=3
tkt=16 ses=1}, jblaine at JBTEST for krbtgt/JBTEST at JBTEST
More information about the Kerberos
mailing list