[27191] in Kerberos
Solaris 9 latest OEM SSH + pam_krb5.so.1
daemon@ATHENA.MIT.EDU (Jeff Blaine)
Tue Jan 9 20:18:42 2007
Message-ID: <45A43EC6.7020809@kickflop.net>
Date: Tue, 09 Jan 2007 20:17:58 -0500
From: Jeff Blaine <jblaine@kickflop.net>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Does anyone have a guess as to what I am doing wrong?
MIT Kerberos 1.5.1
Solaris 9 OEM SSH (latest patch cluster) with
'PAMAuthenticationViaKBDInt yes' and a pam.conf
as such (which clearly gets hit):
# Start pam.conf snippet
sshd-kbdint auth requisite pam_authtok_get.so.1
sshd-kbdint auth required pam_dhkeys.so.1
sshd-kbdint auth sufficient pam_krb5.so.1 debug try_first_pass
sshd-kbdint auth required pam_unix_auth.so.1
# End of pam.conf snippet
adm # ssh -vvv -l jblaine test.foo.com
...
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64)
Connection closed by 192.168.168.100
debug1: Calling cleanup 0x47d2c(0x0)
adm #
debug.log:
Jan 9 20:04:13 test.foo.com sshd[462]: [ID 655841 auth.debug]
PAM-KRB5 (auth): pam_sm_authenticate flags=0
Jan 9 20:04:13 test.foo.com sshd[462]: [ID 549540 auth.debug]
PAM-KRB5 (auth): attempt_krb5_auth: start: user='jblaine'
Jan 9 20:04:13 test.foo.com sshd[462]: [ID 179272 auth.debug]
PAM-KRB5 (auth): attempt_krb5_auth: krb5_get_init_creds_password
returns: SUCCESS
krb5kdc.log:
Jan 09 20:04:13 test.foo.com krb5kdc[445](info): AS_REQ (2 etypes
{3 1}) 192.168.168.100: ISSUE: authtime 1168391053, etypes {rep=3
tkt=16 ses=1}, jblaine@JBTEST for krbtgt/JBTEST@JBTEST
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
