Kerberos Woes
Configure Kerberos on Debian is a simple procedure. It merely consists of
aptitude install krb5-config krb5-user libpam-krb5
and following the prompts. A small bit of tweaking PAM and OpenSSH and the magic continues. Before I could stop it every user was getting tickets and forwarding them. And it was good.
Enter: Gentoo. My distribution of choice, at least, until recently. The installation of mit-krb5 and pam_krb5 goes well, tweaking PAM and OpenSSH goes well. Or so I thought! I spent most of yesterday going silly trying to determine exactly where my configuration was broken. I still don’t know. Perhaps it’s to do with pam_sm_setcred being called with PAM_REINITIALIZE_CRED? Logging into the (virtual) console works fine, while sshd doesn’t cache any credentials. This is, perhaps, not a major concern, but it’s rough around the edges without it. Examining a little further and you run into this:
Would the real pam_krb5 please stand up?
I give up, I’m going with what works, even if that means Debian
About this entry
You’re currently reading “Kerberos Woes,” an entry on blog.cons.org.nz
- Published:
- 01.06.05 / 3am
- Category:
- Linux



No comments
Jump to comment form | comments rss [?] | trackback uri [?]