[Freeipa-users] logging on via ssh using a new account that has an expired password fails
Rob Crittenden
rcritten at redhat.com
Thu Sep 18 13:37:31 UTC 2008
Ivan Levchenko wrote:
> On Thu, Sep 18, 2008 at 4:09 PM, Ivan Levchenko <levchenko.i at gmail.com> wrote:
>> On Thu, Sep 18, 2008 at 3:56 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>
>>> http://freeipa.org/page/AdministratorsGuide#Using_Password_Authentication
>>>
>>> Basically, set ChallengeResponseAuthentication to "yes" in
>>> /etc/sshd/sshd_config
>>>
>>> rob
>>>
>
> Works as expected =)
>
> but it asked for a password, even though klist shows that I have a
> ticket.. but as long as I can log in, i'm good to go.
>
Do you have a keytab with a host/ service ticket installed on the remote
server you are ssh'ing into?
You might want to use ssh -v to see if it is trying a GSSAPI authentication.
This should work without prompting for a password (except the case of a
password reset).
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20080918/51c75b29/attachment.bin>
More information about the Freeipa-users
mailing list