Can't get Russ' pam_krb5 module to work with ssh on RHEL5

Edgecombe, Jason jwedgeco at uncc.edu
Tue Mar 6 10:49:19 EST 2012


Thanks,

I think that I'll leave KerberosAuthenticiation enabled. When I disabled it, I didn't have tokens when I logged in using a password, intead of Kerberos tickets.

---------------------------------------------------------------------------
Jason Edgecombe | Linux and Solaris Administrator
UNC Charlotte | The William States Lee College of Engineering
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-3514
jwedgeco at uncc.edu | http://coe.uncc.edu |  Facebook
---------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-3514.  Thank you.

-----Original Message-----
From: Russ Allbery [mailto:rra at stanford.edu] 
Sent: Monday, March 05, 2012 2:12 PM
To: Edgecombe, Jason
Cc: 'kerberos at mit.edu'
Subject: Re: Can't get Russ' pam_krb5 module to work with ssh on RHEL5

"Edgecombe, Jason" <jwedgeco at uncc.edu> writes:

> Ok, should I set "KerberosAuthentication no" in my sshd config?

It's really your call.  If you're happy with how it works, I don't see a
compelling reason to change.  We don't use it, though; we use PAM.

One thing that you may lose with that (I haven't checked) is proper
handling of expired passwords.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list