Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Kerberos5/AFS Support in 3.9?

from [Sensei] Network Security [Permanent Link]
Subject: Kerberos5/AFS Support in 3.9?
Date: Thu, 26 Aug 2004 17:30:30 +0200 
Hi. I hope someone can help me.

I'm trying to make openssh 3.9 support ticket/token forwarding for a
single sign on: passwordless ssh sessions. I use pam_krb5 for kerberos
authentication and pam_openafs_session for running aklog, and this is my
system-auth pam file (used by all services):

auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so nodelay nullok
auth       sufficient   /lib/security/pam_krb5.so forwardable
use_first_pass
auth       required     /lib/security/pam_deny.so

account    required     /lib/security/pam_unix.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow
use_authtok
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_unix.so
session    optional     /lib/security/pam_krb5.so
session    optional     /lib/security/pam_openafs-krb5.so
session    required     /lib/security/pam_limits.so


Now, I have this problem: the passwordless ssh seems to be really
broken, since it seems it does *not* forward the kerberos 5 tickets. So,
every time, I have to enter a password.

It seems that ssh does not support kerberos and SSO... Please help me!

PS. I tried Kerberos*, GSSAPI*, UsePAM but *NOTHING* works...

-- 
Sensei <mailto:senseiwa@tin.it>
          
The optimist says "Tomorrow is sunday".
The pessimist says "The day after tomorrow is moday". (Gustave Flaubert)

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Kerberos5/AFS Support in 3.9?, Sensei <=
Previous by Date:  RE: HELP please! Why is the agent NOT recognized, Christopher.Fouts
Next by Date:  Re: HELP please! Why is the agent NOT recognized, docks
Previous by Thread:  ssh, passphrases and stdin, David E. Meier
Next by Thread:  Host keys after cloning, Ugo Bellavance
Indexes:  [Date] [Thread] [Top] [All Lists]