Red Hat Bugzilla – Bug 149074
ssh fails with Kerberos Authentication
Last modified: 2015-01-07 19:09:28 EST
Description of problem:
When using ssh with kerberos authentication and ldap user information,
I am not able to connect. My logs verify that my kerberos password
authenticated, but then I receive an error "Read from remote host
Client: Connection reset by peer Connection to Client closed." My
messages log states unix_chkpwd: could not get username from shadow
(testuser))". My secure log states fatal: "PAM: pam_open_session():
Version-Release number of selected component (if applicable):
every attempt at connection
Steps to Reproduce:
1.install RH v4 with all patches
2.configure with kerberos authentication and ldap user information
3.ssh -vvvv testuser@client
Read from remote host Client: Connection reset by peer
Connection to Client closed
log in and have a user session created
see attached logs
Created attachment 111205 [details]
secure, message logs and ssh -vvvv output
I am experiencing the same problem described above - using krb5 for
authentication, ldap for passwd db.
Any comment from redhat on this??? This bug is keeping us from deploying
RHEL4, feedback would be appreciated.
This doesn't seem to me to be a problem in pam_krb5 as it doesn't return
PAM_PERM_DENIED on pam_open_session calls.
Please attach here your /etc/pam.d/system-auth, /etc/pam.d/sshd and
/etc/secure/limits.conf files. Also are you able to log-in on console with that
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received the feedback we
requested, we will assume the problem was not reproduceable or has been fixed in
a later update for this product.
Users who have experienced this problem are encouraged to upgrade to the latest
update release, and if this issue is still reproduceable, please contact the Red
Hat Global Support Services page on our website for technical support options:
If you have a telephone based support contract, you may contact Red Hat at
1-888-GO-REDHAT for technical support for the problem you are experiencing.