Kerberos Woes
Configure Kerberos on Debian is a simple procedure. It merely consists of
aptitude install krb5-config krb5-user libpam-krb5
and following the prompts. A small bit of tweaking PAM and OpenSSH and the magic continues. Before I could stop it every user was getting tickets and forwarding them. And it was good.
Enter: Gentoo. My distribution of choice, at least, until recently. The installation of mit-krb5 and pam\_krb5 goes well, tweaking PAM and OpenSSH goes well. Or so I thought! I spent most of yesterday going silly trying to determine exactly where my configuration was broken. I still don’t know. Perhaps it’s to do with pam\_sm\_setcred being called with PAM\_REINITIALIZE\_CRED? Logging into the (virtual) console works fine, while sshd doesn’t cache any credentials. This is, perhaps, not a major concern, but it’s rough around the edges without it. Examining a little further and you run into this:
Would the real pam\_krb5 please stand up?
I give up, I’m going with what works, even if that means Debian