Authenticating debian users against AD
bodik
bodik at civ.zcu.cz
Thu Jul 30 08:20:38 EDT 2009
jarek wrote:
> Hi all!
>
> I've configured Debian with pam_krb5, and I can login using username and
> password to sshd. I've tried to use also ticket login, and I have
> problem with it. As I understand I need for this keytab file. But
> whenever I put krb5.keytab into /etc I can't login at all (even with
> password). auth.log says:
and what's content of your keytab ?
i think there has to be host/<hostname>@<realm> key for ssh ...
also, if you debug ssh access try to start sshd in debug mode `-d -vvv`
and client as well (with -vvv) .. you get a lot of messages what's goin on
> (pam_krb5): none: pam_sm_authenticate: entry (0x1)
> (pam_krb5): apache: attempting authentication as apache at TEST.LOCAL
> (pam_krb5): apache: credential verification failed: Server not found in
> Kerberos database
this stats that you messed up some naming in user/principals usage ?
there is no such pric in KDC (apache at TEST.LOCAL).
i'm not sure since i don't see a big picture. hope this helps ..
bodik
More information about the Kerberos
mailing list