Authenticating debian users against AD

bodik bodik at
Thu Jul 30 08:20:38 EDT 2009

jarek wrote:
> Hi all!
> I've configured Debian with pam_krb5, and I can login using username and 
> password to sshd. I've tried to use also ticket login, and I have 
> problem with it. As I understand I need for this keytab file. But 
> whenever I put krb5.keytab into /etc I can't login at all (even with 
> password). auth.log says:

and what's content of your keytab ?

i think there has to be host/<hostname>@<realm> key for ssh ...

also, if you debug ssh access try to start sshd in debug mode `-d -vvv`
and client as well (with -vvv) .. you get a lot of messages what's goin on

> (pam_krb5): none: pam_sm_authenticate: entry (0x1)
> (pam_krb5): apache: attempting authentication as apache at TEST.LOCAL
> (pam_krb5): apache: credential verification failed: Server not found in 
> Kerberos database

this stats that you messed up some naming in user/principals usage ?
there is no such pric in KDC (apache at TEST.LOCAL).

i'm not sure since i don't see a big picture. hope this helps ..


More information about the Kerberos mailing list