Can't get Russ' pam_krb5 module to work with ssh on RHEL5
Edgecombe, Jason
jwedgeco at uncc.edu
Mon Mar 5 10:19:58 EST 2012
Ok, should I set "KerberosAuthentication no" in my sshd config?
---------------------------------------------------------------------------
Jason Edgecombe | Linux and Solaris Administrator
UNC Charlotte | The William States Lee College of Engineering
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-3514
jwedgeco at uncc.edu | http://coe.uncc.edu | Facebook
---------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-3514. Thank you.
-----Original Message-----
From: Russ Allbery [mailto:rra at stanford.edu]
Sent: Friday, March 02, 2012 4:49 PM
To: Edgecombe, Jason
Cc: 'kerberos at mit.edu'
Subject: Re: Can't get Russ' pam_krb5 module to work with ssh on RHEL5
"Edgecombe, Jason" <jwedgeco at uncc.edu> writes:
> Ah, I do have "KerberosAuthentication yes" in my sshd config. Does
> pam_afs_session still run, then?
Yeah, sshd will still run the session stack. pam-krb5 won't do anything,
but pam-afs-session will pick up any existing KRB5CCNAME environment in
the PAM environment, which it looks like sshd does set up in this case,
and run aklog based on that.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list