Kerberos5/AFS Support in 3.9?
From: Sensei (senseiwa_at_tin.it)
To: OpenSSH <firstname.lastname@example.org> Date: Thu, 26 Aug 2004 17:30:30 +0200
Hi. I hope someone can help me.
I'm trying to make openssh 3.9 support ticket/token forwarding for a
single sign on: passwordless ssh sessions. I use pam_krb5 for kerberos
authentication and pam_openafs_session for running aklog, and this is my
system-auth pam file (used by all services):
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so nodelay nullok
auth sufficient /lib/security/pam_krb5.so forwardable
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_krb5.so
session optional /lib/security/pam_openafs-krb5.so
session required /lib/security/pam_limits.so
Now, I have this problem: the passwordless ssh seems to be really
broken, since it seems it does *not* forward the kerberos 5 tickets. So,
every time, I have to enter a password.
It seems that ssh does not support kerberos and SSO... Please help me!
PS. I tried Kerberos*, GSSAPI*, UsePAM but *NOTHING* works...
-- Sensei <mailto:email@example.com> The optimist says "Tomorrow is sunday". The pessimist says "The day after tomorrow is moday". (Gustave Flaubert)
- application/pgp-signature attachment: This is a digitally signed message part