[Bug 280407] Authentication fails when using pam_krb5.so
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 280407] Authentication fails when using pam_krb5.so"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 04 Oct 2024 23:43:01 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280407 Oliver Kiddle <okiddle@yahoo.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |okiddle@yahoo.co.uk --- Comment #7 from Oliver Kiddle <okiddle@yahoo.co.uk> --- I'm hitting this same problem. Adding allow_kdc_spoof does allow it to work but how does one go about "ensuring that the endpoint has a keytab with the KDC's key in it"? If I run `ktutil -k /etc/krb5.keytab list` it lists three keys for the client where the principal is host/fqdn@REALM. What key is needed - I don't want to be putting something that's meant to be a private key on all my clients? The KDC doesn't have an `/etc/krb5.keytab` but there was a master key setup in `/var/heimdal/m-key`. And while that option may fix pam_krb5, I'm also failing to get Kerberos working with NFS. -- You are receiving this mail because: You are the assignee for the bug.