OpenSSH and Kerberos / Active Directory authentication problems: Credentials cache permission incorrect / No Credentials Cache found

Darren Tucker dtucker at
Thu Dec 1 09:56:38 EST 2005

On Wed, Nov 30, 2005 at 02:48:43PM -0600, Douglas E. Engert wrote:
> Sort of. Either pam_krb5 (if using "ChallangeResponse yes") or sshd
> directly with "KerberosAuthentication yes" will use the username and password
> to get a ticket granting ticket (TGT).

Minor nitpick: PasswordAuthentication also uses PAM in 3.9p1 and up
(and 3.6.1p2 and below), so for current versions the first part of
that would more correctly be "UsePAM yes" and either (or both) of
"ChallengeResponseAuthentication yes" and "PasswordAuthentication yes".

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list