[31697] in Kerberos
Re: Problem using Kerberos for user authentication --
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Nov 13 14:36:38 2009
From: Russ Allbery <rra@stanford.edu>
To: Steve Glasser <sgla9347@gmail.com>
In-Reply-To: <c789fd70911120827h14ac91cbrc9aa48384625906e@mail.gmail.com>
(Steve Glasser's message of "Thu, 12 Nov 2009 08:27:06 -0800")
Date: Fri, 13 Nov 2009 11:35:44 -0800
Message-ID: <87vdhekyjz.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Steve Glasser <sgla9347@gmail.com> writes:
> We are running Kerberos/Ldap on RHEL 5.2, both server and clients. We
> have found that if we set
> ChallengeResponseAuthentication yes
> in sshd_conf the result is no TGT ticket is created when a user logs
> in by ssh. This problem is detailed in a Debian bug report here; we
> don't see it having ever been fixed in redhat
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339734
> Setting
> PasswordAuthentication yes
> does work, at least in our environment.
Red Hat and Debian use completely different code bases for pam-krb5. That
particular bug (ssh running PAM in odd contexts and discarding PAM data)
is something that I thought Red Hat's PAM module had its own workaround
for using shared memory or some such thing, but since I don't use it, I'm
not sure.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
