Kerberos Woes

Configure Kerberos on Debian is a simple procedure. It merely consists of

aptitude install krb5-config krb5-user libpam-krb5

and following the prompts. A small bit of tweaking PAM and OpenSSH and the magic continues. Before I could stop it every user was getting tickets and forwarding them. And it was good.

Enter: Gentoo. My distribution of choice, at least, until recently. The installation of mit-krb5 and pam_krb5 goes well, tweaking PAM and OpenSSH goes well. Or so I thought! I spent most of yesterday going silly trying to determine exactly where my configuration was broken. I still don’t know. Perhaps it’s to do with pam_sm_setcred being called with PAM_REINITIALIZE_CRED? Logging into the (virtual) console works fine, while sshd doesn’t cache any credentials. This is, perhaps, not a major concern, but it’s rough around the edges without it. Examining a little further and you run into this:

Would the real pam_krb5 please stand up?

I give up, I’m going with what works, even if that means Debian