Kerberos5/AFS Support in 3.9?

From: Sensei (senseiwa_at_tin.it)
Date: 08/26/04

    To: OpenSSH <secureshell@securityfocus.com>
    Date: Thu, 26 Aug 2004 17:30:30 +0200
    
    
    

    Hi. I hope someone can help me.

    I'm trying to make OpenSSH 3.9 support ticket/token forwarding for
    single sign-on: passwordless ssh sessions. I use pam_krb5 for Kerberos
    authentication and pam_openafs_session for running aklog, and this is my
    system-auth PAM file (used by all services):

    auth required /lib/security/pam_env.so
    auth sufficient /lib/security/pam_unix.so nodelay nullok
    auth sufficient /lib/security/pam_krb5.so forwardable use_first_pass
    auth required /lib/security/pam_deny.so

    account required /lib/security/pam_unix.so

    password required /lib/security/pam_cracklib.so retry=3
    password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
    password required /lib/security/pam_deny.so

    session required /lib/security/pam_unix.so
    session optional /lib/security/pam_krb5.so
    session optional /lib/security/pam_openafs-krb5.so
    session required /lib/security/pam_limits.so

    Now, I have this problem: passwordless ssh seems to be really
    broken, since it seems it does *not* forward the Kerberos 5 tickets. So,
    every time, I have to enter a password.

    It seems that ssh does not support Kerberos and SSO... Please help me!

    PS. I tried Kerberos*, GSSAPI*, UsePAM but *NOTHING* works...

    -- 
    Sensei <mailto:senseiwa@tin.it>
              
    The optimist says "Tomorrow is Sunday".
    The pessimist says "The day after tomorrow is Monday". (Gustave Flaubert)
    
    


