Bug 171920

Summary:	pam_krb5: ChallengeResponse with openssh-server fails
Product:	Gentoo Linux	Reporter:	Tim Boundy <gigaplex>
Component:	[OLD] Core system	Assignee:	Gentoo Linux bug wranglers <bug-wranglers>
Status:	RESOLVED DUPLICATE
Severity:	major
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339734
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Draft ebuild for version bump of pam_krb5

Description Tim Boundy 2007-03-23 15:14:28 UTC

I encountered the exact same problem as listed at the given URL:

"I use OpenSSH with PAM authentication (UsePAM yes) and the pam_krb5
module. When I log in with SSH, the server correctly checks the
password agains Kerberos, but the ticket is not saved, so I have to do
"kinit" and authenticate again."


Reproducible: Always

Steps to Reproduce:
1. Set up Kerberos based authentication, http://aput.net/~jheiss/krbldap/howto.html is what was used in this case.
2. Set up SSH to use Kerberos as a backend to allow for single sign-on and ticket forwarding.
3. SSH into client using a Kerberos user account.
Actual Results:  
Kerberos Tickets used in authentication arent cached.

Expected Results:  
Tickets should be cached (in /tmp/krb5cc-$UID*) which should be forwarded through.

The Debian box on the network worked fine, however the Gentoo one did not. The Gentoo pam_krb5 package is extremely outdated, so an ebuild was hacked up to use the version hosted at http://www.eyrie.org/~eagle/software/pam-krb5/ - the new version solved the issue.

Comment 1 Tim Boundy 2007-03-23 15:16:48 UTC

Created attachment 114135 [details]
Draft ebuild for version bump of pam_krb5

The ebuild will need some cleanup regarding hard-coded paths, headers etc but should be suitable for testing purposes.

Comment 2 Jakub Moc (RETIRED) gentoo-dev

2007-03-23 15:31:28 UTC

There's already ebuild for this in Bug 163840, please continue there.

*** This bug has been marked as a duplicate of bug 163840 ***