Pam, Host Keys

Roman S kleinerroemer at hotmail.com
Fri Jul 27 04:06:00 EDT 2007



Hey Guys!

I've got the quest of kerberising a network and got into some problems. I've set up a test network with 2 machines running Red Hat Enterprise Linux WS release 4 (Nahant Update 4). The goal is to set up a working KDC and Admin Server and Kerberised SSH, with single sign-on.

I've managed to set up the KDC and Admin Server, and SSH is also working over Kerberos, so the only problem right now is single sign-on. It may be good to mention that user accounts are centralized over NIS (should be kerberised LDAP in future).

Those are the problems I have right now:

If I rlogin on one of the two machines (from a third host), rlogin lets me in with either the NIS pwd (second pwd prompt, because the first one fails) or the Kerberos pwd. In both cases, I don't get a TGT.

I've run system-config-authentication and activated Kerberos Authentication, which has absolutely NO effect on the login process, no matter where and how I log in.

If I add "auth       sufficient   pam_krb5.so" in the /etc/pam.d/gdm file, I get a TGT after the login in Gnome. But this also works if I disable Kerberos Authentication in system-config-authentication. This was the only approach I made for single sign-on.

This whole PAM thing seems quite messy to me.

The other thing is that I don't quite get why I have to administrate my known-host-files for SSH. Each host has its own principal, so why does SSH prompt the user in case of changed/unknown HostKeys?

I hope someone can help me out with these things, because they're starting to drive me crazy!

Best regards
kleinerroemer