[31330] in Kerberos
Re: Authenticating debian users against AD
daemon@ATHENA.MIT.EDU (bodik)
Thu Jul 30 08:21:34 2009
Message-ID: <4A719016.3090003@civ.zcu.cz>
Date: Thu, 30 Jul 2009 14:20:38 +0200
From: bodik <bodik@civ.zcu.cz>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <h4s102$c6a$1@atlantis.news.neostrada.pl>
X-ZCU-MailScanner-From: bodik@civ.zcu.cz
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
jarek wrote:
> Hi all!
>
> I've configured Debian with pam_krb5, and I can login using username and
> password to sshd. I've tried to use also ticket login, and I have
> problem with it. As I understand I need for this keytab file. But
> whenever I put krb5.keytab into /etc I can't login at all (even with
> password). auth.log says:
and what's content of your keytab ?
i think there has to be host/<hostname>@<realm> key for ssh ...
also, if you debug ssh access try to start sshd in debug mode `-d -vvv`
and client as well (with -vvv) .. you get a lot of messages what's goin on
> (pam_krb5): none: pam_sm_authenticate: entry (0x1)
> (pam_krb5): apache: attempting authentication as apache@TEST.LOCAL
> (pam_krb5): apache: credential verification failed: Server not found in
> Kerberos database
this stats that you messed up some naming in user/principals usage ?
there is no such pric in KDC (apache@TEST.LOCAL).
i'm not sure since i don't see a big picture. hope this helps ..
bodik
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
