[Bug 280407] Authentication fails when using pam_krb5.so

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 04 Oct 2024 23:43:01 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280407

Oliver Kiddle <okiddle@yahoo.co.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |okiddle@yahoo.co.uk

--- Comment #7 from Oliver Kiddle <okiddle@yahoo.co.uk> ---
I'm hitting this same problem. Adding allow_kdc_spoof does allow it to work but
how does one go about "ensuring that the endpoint has a keytab with the KDC's
key in it"? If I run `ktutil -k /etc/krb5.keytab list` it lists three keys for
the client where the principal is host/fqdn@REALM. What key is needed - I don't
want to be putting something that's meant to be a private key on all my
clients? The KDC doesn't have an `/etc/krb5.keytab` but there was a master key
set up in `/var/heimdal/m-key`.

And while that option may fix pam_krb5, I'm also failing to get Kerberos
working with NFS.
