Authenticating debian users against AD
jarek
jarek at nospam.pl
Thu Jul 30 07:40:43 EDT 2009
Hi all!
I've configured Debian with pam_krb5, and I can log in to sshd using a
username and password. I've also tried to use ticket login, and I have a
problem with it. As I understand it, I need a keytab file for this. But
whenever I put krb5.keytab into /etc I can't log in at all (even with a
password). auth.log says:
(pam_krb5): none: pam_sm_authenticate: entry (0x1)
(pam_krb5): apache: attempting authentication as apache@TEST.LOCAL
(pam_krb5): apache: credential verification failed: Server not found in Kerberos database
(pam_krb5): apache: pam_sm_authenticate: exit (failure)
pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.181 user=apache
I've created a keytab for apache, which is used by
libapache2-mod-auth-kerb, and it works - I can log in with a Kerberos ticket.
The keytab was created on a W2008 server with the following command:
ktpass -out host-nms.keytab -princ host/test-nms.test.local@TEST.LOCAL -mapuser host-test-nms@TEST.LOCAL -mapOp set -pass <secret> -crypto DES-CBC-MD5 -pType KRB5_NT_PRINCIPAL +DesOnly
By the way, can someone tell me what the password in the ktpass
command is for?
Best regards
J.
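
Added example, not part of the original post: a small Python reader for the MIT keytab file format (version 0x0502) that lists the principal, key version and encryption type of every entry in a keytab such as /etc/krb5.keytab, and marks single-DES keys like the DES-CBC-MD5 one requested in the ktpass command above. The sample bytes, the HTTP/ entry, the kvno values and the zero-filled keys are constructed for the demonstration.

```python
import struct

ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 23: "arcfour-hmac",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96"}
WEAK = {1, 2, 3}  # single-DES enctype numbers

def _lv(b):  # encode bytes as 16-bit big-endian length + value
    return struct.pack(">H", len(b)) + b

def _read_lv(buf, pos):  # decode one length + value field -> (value, next offset)
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated keytab entry")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def audit_keytab(data):
    """Return (principal, kvno, enctype, is_weak) for each live entry."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, out = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        rec, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        parts, p = [], 2
        for _ in range(ncomp + 1):         # realm first, then the name components
            val, p = _read_lv(rec, p)
            parts.append(val.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", rec, p)
        _key, p = _read_lv(rec, p + 11)    # skip name type, timestamp, kvno8, enctype
        if len(rec) - p >= 4:              # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", rec, p)[0] or kvno
        name = "/".join(parts[1:]) + "@" + parts[0]
        out.append((name, kvno, ENCTYPES.get(etype, "etype-%d" % etype), etype in WEAK))
    return out

def sample_entry(princ, realm, kvno, etype, key):  # constructed demo entry, filler key
    comps = princ.encode().split(b"/")
    body = (struct.pack(">H", len(comps)) + _lv(realm.encode()) + b"".join(map(_lv, comps))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + _lv(key))
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02" + sample_entry("host/test-nms.test.local", "TEST.LOCAL", 3, 3, b"\0" * 8)
          + struct.pack(">i", -6) + b"\0" * 6      # constructed deleted slot
          + sample_entry("HTTP/test-nms.test.local", "TEST.LOCAL", 2, 18, b"\0" * 32))
```

On a real host, pass the file contents instead of SAMPLE, for example audit_keytab(open("/etc/krb5.keytab", "rb").read()), run as a user allowed to read the keytab.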