[31695] in Kerberos
Re: Problem using Kerberos for user authentication --
daemon@ATHENA.MIT.EDU (Jeffrey Watts)
Fri Nov 13 11:34:03 2009
MIME-Version: 1.0
In-Reply-To: <c789fd70911120827h14ac91cbrc9aa48384625906e@mail.gmail.com>
Date: Fri, 13 Nov 2009 10:33:23 -0600
Message-ID: <65631e800911130833k5d3eb552o9aed059482816bd8@mail.gmail.com>
From: Jeffrey Watts <jeffrey.w.watts@gmail.com>
To: Steve Glasser <sgla9347@gmail.com>
Cc: kerberos@mit.edu
Reply-To: watts@jayhawks.net
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
That's really weird, I'm using that option and the ticket is created on
login. When I'm back in town I'll look closer.
Keep in mind, though, that I'm using current versions of PAM, pam_krb5 and
Kerberos with my RHEL5 systems, so it's possible that it's a bug fixed later
on.
Jeffrey.
On Thu, Nov 12, 2009 at 10:27 AM, Steve Glasser <sgla9347@gmail.com> wrote:
> Hi all,
>
> We are running Kerberos/Ldap on RHEL 5.2, both server and clients. We
> have found that if we set
> ChallengeResponseAuthentication yes
> in sshd_conf the result is no TGT ticket is created when a user logs
> in by ssh. This problem is detailed in a Debian bug report here; we
> don't see it having ever been fixed in redhat
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339734
> Setting
> PasswordAuthentication yes
> does work, at least in our environment.
>
> If anyone has any further information on this we'd appreciate it.
>
>
--
"He that would make his own liberty secure must guard even his enemy from
oppression; for if he violates this duty he establishes a precedent that
will reach to himself." -- Thomas Paine
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
