Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] heimdal (kerberos) with openssh
From: paul kaiser (pkizeyahoo.com)
Date: Thu Mar 24 2005 - 08:10:31 CST
i created a principals in the database using kadmin -l.
i copied the information regarding the local host to /etc/krb5.keytab and
/etc/srvtab on each local host using ktutil get. from reading the literature i
am assuming /etc/krb5.keytab contains only the principals for that particular
host, and not the principals for every host.
--- Roland Kuhn <rkuhne18.physik.tu-muenchen.de> wrote:
> Hi Paul!
> On Mar 23, 2005, at 5:36 PM, paul kaiser wrote:
> > i am using suse professional 9.1.
> > i have installed heimdal (kerberos) from the distribution cdroms on a
> > realm
> > server. i have installed openssh from the distribution cdroms on all
> > hosts.
> > all the hosts are kerberos clients
> > authentication and ticket granting appear to be working fine on all
> > hosts.
> > if i am reading the suse manual correctly, i should be able to slogin
> > between
> > hosts without being asked for a password.
> > this is actually working from any host to the kerberos server!
> > however, slogin from the server to any other host
> > and slogin between any two (non-server) hosts prompts for a password.
> > i have recompiled openssh
> > --with-pam --with-kerberos5=/usr/lib/heimdal
> > but to no avail. the same prompting for password occurs.
> > any suggestions would be appreciated!
> Have you created host principals and stored the relevant keystashes on
> the respective hosts?
> TU Muenchen, Physik-Department E18, James-Franck-Str. 85747 Garching
> Telefon 089/289-12592; Telefax 089/289-12570
> A mouse is a device used to point at
> the xterm you want to type in.
> Kim Alm on a.s.r.
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here