search for: kerberosorlocalpasswd

...ther defaults as is ) I didnt found "kerberos" in the selection-list. But with "libpam-krb5" installed it is shown. @David: Did you enable Kerberos authentication in /etc/ssh/sshd_config? I see to select: # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes What should I enable from these? > > Type id username > You see a correct shell and correct and existing homedir? $ LANG=POSIX id oliver uid=1000(oliver) gid=1000(oliver) groups=1000(oliver),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lpadmin),111(s...

...hentication=no sshd has been started along with the following command-line configuration settings. # /opt/ssh/sbin/sshd -o "usepam yes" -o "challengeresponseauthentication no" -o "kerberosauthentication no" -o "passwordauthentication yes" -o "kerberosorlocalpasswd no" Authentication ,Password management modules were set to "libpam_krb5.so.1" and Session,Account management modules were set to "libpam_unix.so.1" in pam configuation file. During ssh conneciton, Kerberos password got succeeded when the ssh client was prompted for pas...

...ectory authentication set up on the server. It involved several modifications to the sshd_config file. I am listing the changes that were made for the benefit of the group: # Change to no to disable s/key passwords ChallengeResponseAuthentication no # Kerberos options KerberosAuthentication yes #KerberosOrLocalPasswd yes KerberosTicketCleanup yes KerberosGetAFSToken yes # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes There is one more caveat that I need to overcome. So far, one domain user account is able to log into the server at the console, or through an SSH connection. However, any...

..._known_hosts RhostsRSAAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes CheckMail no UseLogin no

...n and HostbasedAuthentication #IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no PermitEmptyPasswords no # Change to no to disable PAM authentication #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no #X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #KeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvir...

.../key passwords #ChallengeResponseAuthentication no # Uncomment to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of ''PasswordAuthentication'' #PAMAuthenticationViaKbdInt yes # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes X11Forwarding yes X11DisplayOffset 256 PrintMotd no #PrintLastLog no KeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net #ReverseMappingChe...

...hostsRSAAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #ChallengeResponseAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes #CheckMail yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net #ReverseMappingCheck yes Subsystem sftp /usr/libexec/openssh/sftp-server Carl

...er's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through t...

...er's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through t...

http://bugzilla.mindrot.org/show_bug.cgi?id=774 Summary: banner is displaying twice (/etc/issue) Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

...t. But with "libpam-krb5" >> installed it is shown. >> >> @David: Did you enable Kerberos authentication in /etc/ssh/sshd_config? >> I see to select: >> >> # Kerberos options >> #KerberosAuthentication no >> #KerberosGetAFSToken no >> #KerberosOrLocalPasswd yes >> #KerberosTicketCleanup yes >> >> What should I enable from these? >>> Type id username >>> You see a correct shell and correct and existing homedir? >> $ LANG=POSIX id oliver >> uid=1000(oliver) gid=1000(oliver) >> >> groups=1000(ol...

...;kerberos" in the selection-list. But with "libpam-krb5" > installed it is shown. > > @David: Did you enable Kerberos authentication in /etc/ssh/sshd_config? > I see to select: > > # Kerberos options > #KerberosAuthentication no > #KerberosGetAFSToken no > #KerberosOrLocalPasswd yes > #KerberosTicketCleanup yes > > What should I enable from these? > > > > Type id username > > You see a correct shell and correct and existing homedir? > $ LANG=POSIX id oliver > uid=1000(oliver) gid=1000(oliver) > > groups=1000(oliver),4(adm),24(cdrom),2...

...erver. It involved several modifications to the sshd_config file. I am listing the changes that were made for the benefit of the group: > > > # Change to no to disable s/key passwords > ChallengeResponseAuthentication no > > # Kerberos options > KerberosAuthentication yes > #KerberosOrLocalPasswd yes > KerberosTicketCleanup yes > KerberosGetAFSToken yes > > # GSSAPI options > GSSAPIAuthentication yes > GSSAPICleanupCredentials yes > > There is one more caveat that I need to overcome. So far, one domain user account is able to log into the server at the > console,...

http://bugzilla.mindrot.org/show_bug.cgi?id=1180 Summary: Add finer-grained controls to sshd Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dtucker at

..._known_hosts RhostsRSAAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes CheckMail no UseLogin no

...ven though <http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98269278629018&w=2> mentions fixing it. This causes things like kinit to fail with a somewhat uninformative error message. The relevant sshd_config lines I use are: # To change Kerberos options KerberosAuthentication yes KerberosOrLocalPasswd yes #AFSTokenPassing no KerberosTicketCleanup yes # Kerberos TGT Passing does only work with the AFS kaserver KerberosTgtPassing no I'm using MIT Kerberos. As far as I can tell (after scanning the code for a few hours and I'm not a programmer) the problem is in auth_krb5_password. 2...

...VE_READPASSPHRASE is undefined. If I undefine HAVE_READPASSPHRASE, make clean, and make, everything compiles, but when I try to turn on sshd, I get: /usr/local/etc/sshd_config: line 68: Bad configuration option: KerberosAuthentication /usr/local/etc/sshd_config: line 69: Bad configuration option: KerberosOrLocalPasswd /usr/local/etc/sshd_config: line 70: Bad configuration option: KerberosTicketCleanup /usr/local/etc/sshd_config: line 74: Bad configuration option: AFSTokenPassing /usr/local/etc/sshd_config: line 77: Bad configuration option: KerberosTgtPassing /usr/local/etc/sshd_config: terminating, 5 bad config...

...# Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net # Allow client to pass locale environment variabl...

...;kerberos" in the selection-list. But with "libpam-krb5" > installed it is shown. > > @David: Did you enable Kerberos authentication in /etc/ssh/sshd_config? > I see to select: > > # Kerberos options > #KerberosAuthentication no > #KerberosGetAFSToken no > #KerberosOrLocalPasswd yes > #KerberosTicketCleanup yes > > What should I enable from these? > > > > Type id username > > You see a correct shell and correct and existing homedir? > $ LANG=POSIX id oliver > uid=1000(oliver) gid=1000(oliver) > > groups=1000(oliver),4(adm),24(cdrom),2...

...n and HostbasedAuthentication #IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAM...