On Sun, 2006-01-01 at 19:20 -0800, Russ Allbery wrote: > Yeah, that looks fine to me. Your Kerberos password doesn't work with > this configuration, with ChallengeResponseAuthentication off and > PasswordAuthentication turned on?
That is correct. I've attached the debug output for pam_krb5.so with ChallengeResponseAuthentication both on and off. ChallengeResponseAuthentication yes: Jan 1 22:30:36 optimus sshd[4660]: (pam_krb5): none: pam_sm_authenticate: entry Jan 1 22:30:40 optimus sshd[4660]: (pam_krb5): cgallek: pam_sm_authenticate: exit (success) Jan 1 22:30:40 optimus sshd[4660]: Accepted keyboard-interactive/pam for cgallek from 192.168.0.14 port 50990 ssh2 Jan 1 22:30:40 optimus sshd[4663]: (pam_krb5): none: pam_sm_setcred: entry (0x2) Jan 1 22:30:40 optimus sshd[4663]: (pam_krb5): cgallek: pam_sm_setcred: initializing cred cache /tmp/krb5cc_1000_1FoGHs Jan 1 22:30:40 optimus sshd[4663]: pam_krb5: verify_krb_v5_tgt(): krb5_kt_read_service_key(): Permission denied Jan 1 22:30:40 optimus sshd[4663]: (pam_krb5): cgallek: pam_sm_setcred: exit (success) Jan 1 22:30:40 optimus sshd[4663]: (pam_unix) session opened for user cgallek by (uid=0) Jan 1 22:30:40 optimus sshd[4663]: (pam_krb5): none: pam_sm_setcred: entry (0x8) Jan 1 22:30:40 optimus sshd[4663]: (pam_krb5): cgallek: pam_sm_setcred: attempting to refresh cred cache FILE:/tmp/krb5cc_0.1 Jan 1 22:30:40 optimus sshd[4663]: (pam_krb5): cgallek: pam_sm_setcred: initializing cred cache FILE:/tmp/krb5cc_0.1 Jan 1 22:30:40 optimus sshd[4663]: (pam_krb5): cgallek: krb5_cc_initialize(): Internal credentials cache error Jan 1 22:30:40 optimus sshd[4660]: (pam_krb5): cgallek: krb5_cc_destroy: ctx->cache: /tmp/file21Rgkg --------------------------------------------------------- ChallengeResponseAuthentication no with kerberos password: Jan 1 22:33:40 optimus sshd[4688]: Failed password for cgallek from 192.168.0.14 port 50991 ssh2 --------------------------------------------------------- ChallengeResponseAuthentication no with unix password: Jan 1 22:34:02 optimus sshd[4688]: Accepted password for cgallek from 192.168.0.14 port 50991 ssh2 Jan 1 22:34:02 optimus sshd[4690]: (pam_krb5): none: pam_sm_setcred: entry (0x2) Jan 1 22:34:02 optimus sshd[4690]: (pam_krb5): none: pam_sm_setcred: exit (failure) Jan 1 22:34:02 optimus sshd[4690]: (pam_unix) session opened for user cgallek by (uid=0) Jan 1 22:34:02 optimus sshd[4690]: (pam_krb5): none: pam_sm_setcred: entry (0x8) Jan 1 22:34:02 optimus sshd[4690]: (pam_krb5): none: pam_sm_setcred: exit (failure) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
