[Bug 675448] Re: ssh does not authenticate against kerberos

Thomas Schweikle 675448 at bugs.launchpad.net
Fri Nov 26 13:18:50 GMT 2010

7. This goes out to the maintainer of the package: make the
configuration as minimal as possible. No stuff not necessary (except
comments). No useless entries. This is especially true for
"/etc/krb5.conf"! It isn't helpful at all having a bloated configuration
if you're looking for something like kerberos getting it to work.

Some useful configuration could be:

- snipp -----------------------------------------------------------------------------------------
        default_realm = LOCAL

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

# The following libdefaults parameters are only for Heimdal Kerberos.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                plain = {
                        something = something-else
        fcc-mit-ticketflags = true

        LOCAL = {
                kdc = auth.local
                admin_server = auth.local

        .local = LOCAL
        local = LOCAL

        krb4_convert = true
        krb4_get_tickets = false

        default = FILE:/var/log/kerberos/krb5lib.log
- snapp -----------------------------------------------------------------------------------------

The domain could be derived from the computers domain while installing.
The realm could be the uppercase of this domain.

The original file is, in my humble opinion, worth to be installed into
"/usr/share/doc/krb5-config" (or the like).

ssh does not authenticate against kerberos
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

More information about the Ubuntu-server-bugs mailing list