Re: ldap, kerberos and ssh-krb5

To: debian-user@lists.debian.org
Subject: Re: ldap, kerberos and ssh-krb5
From: David Parutki <parutki@yahoo.com>
Date: Mon, 9 May 2005 15:01:11 -0700 (PDT)
Message-id: <[🔎] 20050509220111.5900.qmail@web60518.mail.yahoo.com>

Thanks to Mark for the debug hint.

I did the debug thing for two users, one local to both
client and server, and one in ldap.

For the local user a few lines from the logs look
like:

Authorized to test1, krb5 principal test1@BOGUS.COM
(krb5_kuserok)
debug3: PAM: do_pam_account pam_acct_mgmt = 0
Accepted gssapi-with-mic for test1 from
::ffff:192.168.1.3 port 48465 ssh2

With the user in ldap, the call to pam_acct_mgmt fails
with code 9.

I then received a tip about the option UsePAM in
sshd_config. After setting this to no, it works for
both users.

It seems I'm cutting of some potentially good methods
by expunging PAM from the scene but perhaps this is
the "right way" of doing it.



		
__________________________________ 
Do you Yahoo!? 
Make Yahoo! your home page 
http://www.yahoo.com/r/hs

Reply to:

Prev by Date: Re: problems with a new kernel
Next by Date: smp kernel boots from Knoppix but not Sarge
Previous by thread: Re: ldap, kerberos and ssh-krb5
Next by thread: Re: ldap, kerberos and ssh-krb5
Index(es):
- Date
- Thread