openssh-2.9p2 with PAM and Kerberos 5 on Solaris 8

[Shigeki Misawa]

Hi.

Has anyone been able to get Openssh-2.9p2 or p1 or Openssh-2.5.2p2 to
work with the Kerberos 5 PAM on Solaris 8 ? More specifically, I am
trying to get the system to work with Kerberos 5 only (no pam_unix).

My attempts to get things running result in the following messages
from ssh (client side):

> user at ssh-gateway's password: 
> client: Requesting pty.
> client: Requesting X11 forwarding with authentication spoofing.
> client: Requesting shell.
> client: Entering interactive session.
> Last login: Mon Jun 18 13:01:05 2001 from client.domain
> debug1: PAM establishing creds
> Command terminated on signal 10.

On the server side I get:

> debug1: PAM setting tty to "/dev/pts/4"
> debug1: PAM establishing creds
> debug1: Entering interactive session.
> debug1: fd 9 setting O_NONBLOCK
> debug1: fd 10 IS O_NONBLOCK
> debug1: server_init_dispatch_13
> debug1: server_init_dispatch_15
> debug1: Received SIGCHLD.
> debug1: End of interactive session; stdin 0, stdout (read 93, sent 93), stderr 0 bytes.
> 

I am running with a /etc/pam.conf file as follows:

other  auth required   /usr/lib/security/$ISA/pam_krb5.so.1
other  account required /usr/lib/security/$ISA/pam_krb5.so.1
other  session required /usr/lib/security/$ISA/pam_krb5.so.1
other  password required /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass

The system is running with the latest PAM patch 109805-03

Other things of interest are, kinit works fine and in
/var/adm/messages I see messages like :

Jun 18 13:08:49 ssh-server sshd[1406]: [ID 390226 user.error] PAM-KRB5:Could not obtain principal name

Also, if I configure things to run with only pam_unix everything works.

Any suggestions would be appreciated.

Thanks.


Shigeki Misawa
RHIC Computing Facility
Brookhaven National Laboratory