PAM not required for ticket retention

Posted by Pepijn Oomen Tue, 08 Mar 2005 18:52:51 GMT

After yet another day of changing sshd_config and the PAM configuration, and an infinite number of restarts of the SSH daemon, I found a more elegant way of actually getting an SSH-enabled host to work as a basecamp for users who are not able to generate proper Kerberos tickets on their local workstation (that is, Windows 2000 users not connected to an AD domain).


Using PAM with Kerberized SSH

Posted by Pepijn Oomen Mon, 07 Mar 2005 20:51:00 GMT

This one I actually only solved today, after struggling with a Debian Woody installation and comparing this with a previously installed Sarge. On Sarge I found that enabling the libpam-krb5 module did not seem to have the desired effect, that is, retaining the ticket given when the user authorizes itself. The provided upstream README says:

session module: This is complete (both functions just return success).


The three-headed dog

Posted by Pepijn Oomen Sun, 06 Mar 2005 17:55:41 GMT

Traditionally Unix uses a passwd file to look up user information. More recent versions use a separate shadow file for password storage. Although the passwords are not stored in cleartext, both methods do pose a security risk. On a reasonably large network this also creates a maintenance burden, since all accounts need to be defined and maintained on each system.
