Subject: Re: kerberos with NetBSD 2.0
To: None <netbsd-help@netbsd.org>
From: Jukka Salmi <j+nbsd@2005.salmi.ch>
List: netbsd-help
Date: 07/11/2005 13:05:16

Thierry Lacoste --> netbsd-help (2005-07-11 12:31:59 +0200):
> I installed an apache server on 2.0 with SSL and mod_auth_kerb.
> I also installed pure-ftpd so that authors can upload their web pages.
> My plan is to make pure-ftpd use kerberos authentication and
> local identification (authors will have a local account with their home
> directory inside the directory exported by apache).
> The problem is that I can't even su or login:
>
> $ su - lacostet
> lacostet@MIAGE.UNIV-PARIS12.FR's Password:
> su: krb5_verify_user: failed to find host/pegase.miage.univ-paris12.fr@MIAGE.UNIV-PARIS12.FR in keytab FILE:/etc/krb5.keytab

What does `ktutil list' tell?

> kinit works:
>
> $ kinit lacostet
> lacostet@MIAGE.UNIV-PARIS12.FR's Password:
> kinit: NOTICE: ticket renewable lifetime is 1 week
> kinit: converting creds: Cannot contact any KDC for requested realm

If you don't use Kerberos IV you should probably set
`krb4_get_tickets = false' in your krb5.conf.

> $ klist
> Credentials cache: FILE:/tmp/krb5cc_1000
> Principal: lacostet@MIAGE.UNIV-PARIS12.FR
>
> Issued           Expires          Principal
> Jul 11 12:07:03  Jul 11 22:07:03  krbtgt/MIAGE.UNIV-PARIS12.FR@MIAGE.UNIV-PARIS12.FR
> Jul 11 12:07:03  Jul 11 22:07:03  krbtgt/MIAGE.UNIV-PARIS12.FR@MIAGE.UNIV-PARIS12.FR

Twice? Hmm...

> V4-ticket file: /tmp/tkt1000
> klist: No ticket file (tf_util)
>
> Here's my /etc/krb5.conf:
>
> $ more /etc/krb5.conf
> [libdefaults]
> default_realm = MIAGE.UNIV-PARIS12.FR
>
> [realms]
> MIAGE.UNIV-PARIS12.FR = {
>     kdc = tse4
>     admin_server = tse4
>     default_domain = miage.univ-paris12.fr
> }
>
> [domain_realm]
> .miage.univ-paris12.fr = MIAGE.UNIV-PARIS12.FR
> miage.univ-paris12.fr = MIAGE.UNIV-PARIS12.FR

Should be fine AFAICT.

> On -current I have no such problem.
> Is it related to pam not being present on 2.0?

I don't think so.

Cheers, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~