Re: ldap, kerberos and ssh-krb5
From: David Parutki (parutki_at_yahoo.com)
Date: 05/10/05
- Previous message: Sergio Basurto Juarez: "Re: problems with a new kernel"
- Maybe in reply to: David Parutki: "ldap, kerberos and ssh-krb5"
- Next in thread: David Parutki: "Re: ldap, kerberos and ssh-krb5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 9 May 2005 15:01:11 -0700 (PDT) To: debian-user@lists.debian.org
Thanks to Mark for the debug hint.
I did the debug thing for two users, one local to both
client and server, and one in ldap.
For the local user a few lines from the logs look
like:
Authorized to test1, krb5 principal test1@BOGUS.COM
(krb5_kuserok)
debug3: PAM: do_pam_account pam_acct_mgmt = 0
Accepted gssapi-with-mic for test1 from
::ffff:192.168.1.3 port 48465 ssh2
With the user in ldap, the call to pam_acct_mgmt fails
with code 9.
I then received a tip about the option UsePAM in
sshd_config. After setting this to no, it works for
both users.
It seems I'm cutting of some potentially good methods
by expunging PAM from the scene but perhaps this is
the "right way" of doing it.
__________________________________
Do you Yahoo!?
Make Yahoo! your home page
http://www.yahoo.com/r/hs
-- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- Previous message: Sergio Basurto Juarez: "Re: problems with a new kernel"
- Maybe in reply to: David Parutki: "ldap, kerberos and ssh-krb5"
- Next in thread: David Parutki: "Re: ldap, kerberos and ssh-krb5"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
