[Bug 675448] Re: ssh does not authenticate against kerberos

Thomas Schweikle 675448 at bugs.launchpad.net
Fri Nov 26 13:18:50 GMT 2010


7. This goes out to the maintainer of the package: make the
configuration as minimal as possible. Nothing that isn't necessary
(except comments). No useless entries. This is especially true for
"/etc/krb5.conf"! A bloated configuration isn't helpful at all if you're
trying to get something like Kerberos to work.

Some useful configuration could be:

- snipp -----------------------------------------------------------------------------------------
[libdefaults]
        default_realm = LOCAL

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

# The following libdefaults parameters are only for Heimdal Kerberos.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }
        fcc-mit-ticketflags = true

[realms]
        LOCAL = {
                kdc = auth.local
                admin_server = auth.local
        }

[domain_realm]
        .local = LOCAL
        local = LOCAL

[login]
        krb4_convert = true
        krb4_get_tickets = false

[logging]
        default = FILE:/var/log/kerberos/krb5lib.log
- snapp -----------------------------------------------------------------------------------------

The domain could be derived from the computer's domain while installing.
The realm could be the uppercase of this domain.

The original file is, in my humble opinion, worth installing into
"/usr/share/doc/krb5-config" (or the like).

-- 
ssh does not authenticate against kerberos
https://bugs.launchpad.net/bugs/675448
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
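
The derivation suggested in the message (lowercase domain, uppercase realm), sketched as an added shell example; it is not part of the original message or of the krb5-config package. The function names, the `auth.<domain>` KDC default (taken from the sample's `auth.local`) and the `example.test` domain are assumptions.

```shell
#!/bin/sh
# Added example: emit a minimal krb5.conf for a given DNS domain.
# Function names and the auth.<domain> KDC default are assumptions.

# valid_dns_name NAME: succeed only for plain DNS host/domain names, so a
# malformed or hostile value cannot inject extra lines or sections.
valid_dns_name() (
    export LC_ALL=C
    case $1 in
        ''|.*|*.|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
)

# realm_from_domain DOMAIN: print the realm, i.e. the uppercased domain.
realm_from_domain() (
    export LC_ALL=C
    valid_dns_name "$1" || return 1
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'
)

# minimal_krb5_conf DOMAIN [KDC_HOST]: print the configuration on stdout.
minimal_krb5_conf() (
    export LC_ALL=C
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    realm=$(realm_from_domain "$domain") || return 1
    kdc=${2:-auth.$domain}
    valid_dns_name "$kdc" || return 1
    cat <<EOF
[libdefaults]
        default_realm = $realm

[realms]
        $realm = {
                kdc = $kdc
                admin_server = $kdc
        }

[domain_realm]
        .$domain = $realm
        $domain = $realm
EOF
)

# Constructed sample domain; an installer could pass "$(hostname -d)" instead
# and must handle the case where that is empty (rejected here).
minimal_krb5_conf "${1:-example.test}"
```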


