GSSAPI Auth in SSH
This is a discussion on GSSAPI Auth in SSH within the OpenSSH Development forums, part of the Networking and Network Related category; Hello All, I noticed some different behaviour of GSSAPI Authentication mechanism in SSH and like to know the reasons for ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
10-04-2005
|
|||
|
|||
GSSAPI Auth in SSH
Hello All,
I noticed some different behaviour of GSSAPI Authentication mechanism in SSH and like to know the reasons for such behaviour. If I try GSSAPI auth for a user whose principal is not stored in KDC, the GSSAPI auth method is tried 2 times and it fails. If the user is stored in KDC and not having valid credentials, then SSHD tries GSSAPI one time and fails. The interesting part of this scenario is that client requests two time GSSAPI auth. whether the user is stored in KDC or not and this can be seen in the following debug, debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Delegating credentials debug1: Delegating credentials debug1: Authentications that can continue: publickey,gssapi-with-mic,keyboard-interactive debug2: we sent a gssapi-with-mic packet, wait for reply But why there is difference in behaviour of SSHD based on the users availability in KDC? It would be very much helpful to know the reasons for such a behaviour. Thanks, Senthil Kumar. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org http://www.mindrot.org/mailman/listi...enssh-unix-dev 
|
Linear Mode
