Problem using Kerberos for user authentication -- ChallengeResponseAuthentication
Russ Allbery
rra at stanford.edu
Fri Nov 13 14:35:44 EST 2009
Steve Glasser <sgla9347 at gmail.com> writes:
> We are running Kerberos/Ldap on RHEL 5.2, both server and clients. We
> have found that if we set
> ChallengeResponseAuthentication yes
> in sshd_conf the result is no TGT ticket is created when a user logs
> in by ssh. This problem is detailed in a Debian bug report here; we
> don't see it having ever been fixed in redhat
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339734
> Setting
> PasswordAuthentication yes
> does work, at least in our environment.
Red Hat and Debian use completely different code bases for pam-krb5. That
particular bug (ssh running PAM in odd contexts and discarding PAM data)
is something that I thought Red Hat's PAM module had its own workaround
for using shared memory or some such thing, but since I don't use it, I'm
not sure.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list