[Bug 280407] Authentication fails when using pam_krb5.so

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 280407] Authentication fails when using pam_krb5.so"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 26 Jul 2024 19:49:05 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280407

--- Comment #4 from Cy Schubert <cy@FreeBSD.org> ---
Confirmed with:

auth            required        pam_krb5.so             no_warn try_first_pass
debug 

I was able to log in using my krb5 password with:

auth            sufficient      pam_krb5.so             no_warn try_first_pass
debug

The machine I tested on uses LDAP accounts. Passwords are not served by LDAP.
Only my KDC handles authentication. There is no other way to log into that
machine, proving that my KDC authenticated.

Jul 26 12:48:01 cwsys sshd[42117]: Accepted keyboard-interactive/pam for cy
from 10.1.1.91 port 43327 ssh2

The customer should change the "required" to "sufficient". The krb5
documentation I've read always says sufficient.

-- 
You are receiving this mail because:
You are the assignee for the bug.