Bug#339734: openssh-server: Kerberos tickets are not saved (pam_krb5)
Package: openssh-server
Version: 1:4.2p1-5
Severity: normal
I use OpenSSH with PAM authentication (UsePAM yes) and the pam_krb5
module. When I log in with SSH, the server correctly checks the
password agains Kerberos, but the ticket is not saved, so I have to do
"kinit" and authenticate again.
README.Debian mentions that Kerberos ticket saving does not work with
privilege separation. But I have "UsePrivilegeSeparation no" in
sshd_config, and it still doesn't work.
I seem to remember that turning off privilege separation used to work
with OpenSSH 3.x, but apparently this is no longer the case.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-kelev
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Versions of packages openssh-server depends on:
ii adduser 3.77 Add and remove users and groups
ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy
ii dpkg 1.13.11.0.1 package maintenance system for Deb
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libcomerr2 1.38-2 common error description library
ii libkrb53 1.3.6-5 MIT Kerberos runtime libraries
ii libpam-modules 0.79-3 Pluggable Authentication Modules f
ii libpam-runtime 0.79-3 Runtime support for the PAM librar
ii libpam0g 0.79-3 Pluggable Authentication Modules l
ii libselinux1 1.26-1 SELinux shared libraries
ii libssl0.9.8 0.9.8a-3 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-client 1:4.2p1-5 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-4 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/disable_cr_auth: false
Reply to: