Craig Gallek <[EMAIL PROTECTED]> writes: > On Sun, 2006-01-01 at 18:16 -0800, Russ Allbery wrote:
>> Oh, also, note that the new module correctly separates authentication >> and session management (so that it will work correctly with xlock >> programs, among other reasons), which means that you do have to run the >> krb5 PAM module in the session section as well as auth, passing it the >> same arguments as you would for auth. > Here is my expanded ssh pam configuration. I believe that it is > correctly using the krb5 pam module in the session section. Yeah, that looks fine to me. Your Kerberos password doesn't work with this configuration, with ChallengeResponseAuthentication off and PasswordAuthentication turned on? If that's correct, could you add "debug" to the pam_krb5.so lines and then send me the syslog output that it produces? -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
