Subject: | |
From: | |
Reply To: | |
Date: | Tue, 28 Oct 2008 09:12:24 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Felix Engel wrote:
> Hello,
>
> we are using ssh and pam_krb5 to login to kerberized machines. Login is
> successful and the client obtains a ticket for the user logging in.
> However the credentials cache is not initialized. I think that might be
> related to the following bug:
> https://bugzilla.mindrot.org/show_bug.cgi?id=688
> Has anybody seen this behaviour or can give any advice on how to fix
> that? The above case recommends using SSH's threaded mode, however I
> think that would require recompilation and the remainder of the
> configuration is identical to the one that works on Debian/Etch and
> FedoraCore4 installations.
>
> Regards,
> Felix
>
Hi,
You never said which version of SL, openssh, or pam_krb5.
For us, the problem is usually on the client, because by default, it does not
delegate credentials. So in /etc/ssh/ssh_config you have to set
GSSAPIDelegateCredentials yes
Troy
--
__________________________________________________
Troy Dawson [log in to unmask] (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
|
|
|