Re: openPAM and Kerberos in FreeBSD13

From: Lexi Winter <lexi_at_le-fay.org>
Date: Thu, 22 Feb 2024 02:00:43 UTC
Michael Voorhis:
> I'm trying to get SSH and Kerberos working on my FreeBSD13 machine.  I
> can authenticate to the KDC using kinit, no problem, but no amount of
> playing will allow me to login to a machine using SSHD and PAM.
> 
> Have played with /etc/pam.d/system and /etc/pam.d/sshd endlessly.

you shouldn't need to edit anything in /etc/pam.d to make Kerberos
authentication via SSH work.  that *is* required to have a Kerberos
ticket obtained for the user on login, but that's something you would
usually have for console logins, not SSH logins.

have you enabled GSSAPI authentication in sshd?  in /etc/ssh/sshd_config:

GSSAPIAuthentication yes