[Freeipa-users] Solaris 10 client auth (ssh + kerberos) not working
Natxo Asenjo
natxo.asenjo at gmail.com
Tue Sep 9 09:12:25 UTC 2014
On Mon, Sep 8, 2014 at 11:44 AM, Gerardo Padierna <asl.gerardo at gmail.com>
wrote:
> Hello folks,
>
hi,
I'm setting up an IPA-server instance aimed to be used primarily for
> Linux/Unix clients ssh authentication (with kerberos).
> I've managed to successfully set up debian clients (via sssd and also on
> older debians, through libnss and pam_krb5). But for some reason I can't
> authenticate ssh on Solaris10 clients.
> On the Solaris box, I've followed the steps outiined here:
> http://www.freeipa.org/page/ConfiguringUnixClients
> and the nss part works fine (things like getent [group | passwd] and id
> <user> work), but unfortunaltely, the ssh user authentication fails with an
> error:
> sshd auth.error PAM-KRB5 (auth): krb5_verify_init_creds failed: No such
> file or directory
>
> On the solaris clients, does there need to be a keytab in /etc/krb5/
> directory copied over from the IPA server?
>
I have integrated omnios (open solaris derivative) with ipa using these
notes:
http://test.asenjo.nl/index.php/Omnios_ipa_client
that info may or may not be useful for solaris 10 as I have zero experiece
with older solaris versions. But in principle, yes, you need a host keytab
to login using kerberos SSO.
HTH.
--
Regards,
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140909/9234ce3d/attachment.htm>
More information about the Freeipa-users
mailing list