
ldap, kerberos and ssh-krb5



I have a working installation with account information
in ldap, workstations accessing account information
via libnss-ldap and nscd. Further, a kerberos kdc with
principals matching users in ldap. All machines have a
krb5.keytab. Home directories are currently served via
nfs from one server to the workstations.

Local login at workstations works by the use of
libpam-heimdal, for console and kdm. And the user
logging in gets a ticket granting ticket as expected. 

One problem remains however with this centralized
setup: ssh between workstations, which I fail to get
working. It keeps asking for a password and does not
let anyone in.

OTOH, if I have local users on the machines (no ldap
service), the ssh-krb5 package works as expected. After
a kinit to get a valid tgt, a user can ssh another
machine and get a shell. In the process the user on
the ssh client machine gets a ticket for the server.
This works beautifully with the default /etc/pam.d/ssh
file and no need to type a password.

But with the centralized account handling described
above I'm running out of options. Do I need to modify
the /etc/pam.d/ssh file although I do not want to send
any passwords over the network (even in a
ssh-session)?

Any help appreciated.


		