[31328] in Kerberos


Authenticating debian users against AD

daemon@ATHENA.MIT.EDU (jarek)
Thu Jul 30 08:03:12 2009

From: jarek <jarek@nospam.pl>
Date: Thu, 30 Jul 2009 13:40:43 +0200
Message-ID: <h4s102$c6a$1@atlantis.news.neostrada.pl>
Mime-Version: 1.0
X-Complaints-To: usenet@news.neostrada.pl
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi all!

I've configured Debian with pam_krb5, and I can log in to sshd using a
username and password. I've also tried to use ticket login, and I have a
problem with it. As I understand it, I need a keytab file for this. But
whenever I put krb5.keytab into /etc, I can't log in at all (even with a
password). auth.log says:

(pam_krb5): none: pam_sm_authenticate: entry (0x1)
(pam_krb5): apache: attempting authentication as apache@TEST.LOCAL
(pam_krb5): apache: credential verification failed: Server not found in Kerberos database
(pam_krb5): apache: pam_sm_authenticate: exit (failure)
pam_unix(ssh:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.181  user=apache

I've created a keytab for apache, which is used by
libapache2-mod-auth-kerb, and it works - I can log in with a Kerberos ticket.

The keytab was created on a W2008 server with the following command:

ktpass -out host-nms.keytab -princ host/test-nms.test.local@TEST.LOCAL 
-mapuser host-test-nms@TEST.LOCAL -mapOp set -pass <secret> -crypto 
DES-CBC-MD5 -pType KRB5_NT_PRINCIPAL +DesOnly

By the way, can someone tell me what this password in the ktpass
command is for?

Best regards
J.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
