Тема: Вход по ssh, используя kerberos AD Win2003
Доброго времени суток, у меня такой вопрос: пробую войти на машину BSD, находящуюся в домене Windows, по ssh, используя auth из pam, но не получается.
Развернут домен на Win2003, добавлен пользователь User. На машине BSD kinit user проходит, DNS работает.
Содержание /etc/pam.d/sshd
# auth
auth sufficient pam_krb5.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass /etc/rc.conf
hostname="gate.kvi.rs"
keymap="ru.koi8-r.kbd"
ifconfig_em0="inet 192.168.1.110 netmask 255.255.255.0"
ifconfig_le0="inet 192.168.0.1/24"
defaultrouter="192.168.1.1"
sshd_enable="YES"
moused_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
gateway_enable="YES"
pf_enable=yes
named_enable=yes
#kdc_enable="YES"
ntpdate_enable="yes"
ntpdate_program="/usr/sbin/ntpdate"
ntpdate_flags="-u 1.pool.ntp.org 2.pool.ntp.org"
slapd_enable="yes" /etc/ssh/sshd_config не правил
ssh -vv user@gate :
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: send packet: type 61
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: send packet: type 61
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive). /etc/krb5.conf
[libdefaults]
default_realm = KVI.RSИз-за чего может не работать?