Marcus Better <[EMAIL PROTECTED]> writes:

> Here it is:

> Nov 23 10:06:37 myhost sshd[18820]: (pam_krb5): none:
> pam_sm_authenticate: entry
> Nov 23 10:06:39 myhost sshd[18820]: (pam_krb5): marcus:
> pam_sm_authenticate: exit (success)
> Nov 23 10:06:39 myhost sshd[18818]: Accepted keyboard-interactive/pam
> for marcus from 192.168.1.2 port 39812 ssh2
> Nov 23 10:06:39 myhost sshd[18821]: (pam_krb5): none: pam_sm_setcred:
> entry (0x2)
> Nov 23 10:06:39 myhost sshd[18821]: (pam_krb5): none: pam_sm_setcred:
> exit (failure)

This is very strange to me.  Clearly, saving the credentials is indeed not
working, and yet I have no trouble.  Below I show starting from scratch
with a configuration and succeeding.

Is there something unusual in your configuration?  Permissions on /tmp for
ticket caches?  I'm not sure what else could cause this.  Does it happen
with console login as well?

There must be something different about your system than mine.

Script started on Mon Nov 28 20:18:35 2005
wanderer:/root# aptitude install openssh-server libpam-krb5
[...]
The following NEW packages will be installed:
  libpam-krb5 openssh-server
0 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/241kB of archives. After unpacking 561kB will be used.
Preconfiguring packages ...
Selecting previously deselected package libpam-krb5.
(Reading database ... 92312 files and directories currently installed.)
Unpacking libpam-krb5 (from .../libpam-krb5_1.2.0-1_i386.deb) ...
Selecting previously deselected package openssh-server.
Unpacking openssh-server (from .../openssh-server_1%3a4.2p1-5_i386.deb) ...
Setting up libpam-krb5 (1.2.0-1) ...
Setting up openssh-server (4.2p1-5) ...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Restarting OpenBSD Secure Shell server: sshd.
wanderer:/root# cat >! /etc/pam.d/common-auth
auth sufficient pam_krb5.so ignore_root
auth required pam_unix.so try_first_pass nullok_secure
wanderer:/root# cat >! /etc/pam.d/common-session
session optional pam_krb5.so ignore_root
session required pam_unix.so
wanderer:/root# cat /etc/pam.d/ssh
# PAM configuration for the Secure Shell service

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]

# Standard Un*x authentication.
@include common-auth

# Standard Un*x authorization.
@include common-account

# Standard Un*x session setup and teardown.
@include common-session

# Print the message of the day upon successful login.
session optional pam_motd.so # [1]

# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # [1]

# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so

# Set up SELinux capabilities (need modified pam)
# session required pam_selinux.so multiple

# Standard Un*x password updating.
@include common-password
wanderer:/root# ssh -l thoron localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 76:2a:82:88:77:17:d5:15:b0:8b:e7:1c:e4:ac:29:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
[EMAIL PROTECTED]'s password:
Linux wanderer 2.6.14-2-686 #1 Mon Nov 14 14:19:05 UTC 2005 i686 GNU/Linux
Last login: Mon Nov 21 15:19:54 2005 from wanderer.stanford.edu
[EMAIL PROTECTED]:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1001_yMu5vb
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
11/28/05 20:20:58  11/29/05 06:20:43  krbtgt/[EMAIL PROTECTED]

Kerberos 4 ticket cache: /tmp/tkt1001
klist: You have no tickets cached
[EMAIL PROTECTED]:~$ logout
Connection to localhost closed.

-- 
Russ Allbery ([EMAIL PROTECTED])             <http://www.eyrie.org/~eagle/>
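
Added example, not part of the original message and not code from pam_krb5 or OpenSSH: a small log check for the pattern in the quoted excerpt, where pam_sm_authenticate exits with success but the following pam_sm_setcred exits with failure, so the login is accepted without a saved ticket cache. The function name, the pairing by host within a time window, and the two sample lines marked as constructed are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Shape of the pam_krb5 debug lines in the log excerpt quoted in the message.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: \(pam_krb5\): "
    r"(?P<user>\S+): (?P<func>pam_sm_\w+): exit \((?P<result>\w+)\)")

def find_lost_credentials(lines, window_seconds=5):
    """Return (user, host, timestamp) for every successful pam_krb5
    authentication whose following pam_sm_setcred on that host failed.

    sshd logs the two stages from different PIDs and setcred reports the
    user as "none", so neither can be used to pair them. Pairing by host
    within a short time window is an assumption of this example and can
    mispair interleaved logins on a busy host.
    """
    window = timedelta(seconds=window_seconds)
    pending = {}    # host -> (user, time of last successful authenticate)
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue    # "entry" lines and lines not from pam_krb5
        # syslog has no year; a fixed leap year keeps Feb 29 parseable.
        when = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        host = m["host"]
        if m["func"] == "pam_sm_authenticate" and m["result"] == "success":
            pending[host] = (m["user"], when)
        elif m["func"] == "pam_sm_setcred" and host in pending:
            user, auth_time = pending.pop(host)
            if m["result"] == "failure" and when - auth_time <= window:
                findings.append((user, host, m["ts"]))
    return findings

SAMPLE = [
    # From the quoted excerpt, with the e-mail line wraps joined.
    "Nov 23 10:06:37 myhost sshd[18820]: (pam_krb5): none: pam_sm_authenticate: entry",
    "Nov 23 10:06:39 myhost sshd[18820]: (pam_krb5): marcus: pam_sm_authenticate: exit (success)",
    "Nov 23 10:06:39 myhost sshd[18818]: Accepted keyboard-interactive/pam for marcus from 192.168.1.2 port 39812 ssh2",
    "Nov 23 10:06:39 myhost sshd[18821]: (pam_krb5): none: pam_sm_setcred: entry (0x2)",
    "Nov 23 10:06:39 myhost sshd[18821]: (pam_krb5): none: pam_sm_setcred: exit (failure)",
    # Constructed: a login on another host where setcred succeeds.
    "Nov 23 10:07:10 otherhost sshd[200]: (pam_krb5): alice: pam_sm_authenticate: exit (success)",
    "Nov 23 10:07:10 otherhost sshd[201]: (pam_krb5): none: pam_sm_setcred: exit (success)",
]

if __name__ == "__main__":
    for user, host, ts in find_lost_credentials(SAMPLE):
        print(f"{ts} {host}: {user} authenticated but no credentials saved")
```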