Question about GSSAPI with OpenSSH 4.2p1

Hey all, perhaps someone might be able to shed a little light on this
problem. Nothing I find in books and groups seem to address the
problem. I'm trying to set up a series of connections with ssh that
authenticate through GSSAPI. However, it seems that the credentials are
not getting passed.

>From the client..

debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Delegating credentials
debug1: Delegating credentials
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password,keyboard-interactive

So we can see that the client is configured to send the tickets
across...

>From the Server...

debug1: userauth-request for user <user>/<domain> service ssh-connection
method gssapi-with-mic
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method gssapi-with-mic
Postponed gssapi-with-mic for <user>/<domain> from xxxx port x ssh2
debug1: Got no client credentials
Failed gssapi-with-mic for <user>/<domain> from xxxxx port x ssh2
debug1: userauth-request for user <user>/<domain> service ssh-connection
method keyboard-interactive

What does 'Got no client credentials' mean? The client is sending them,
so where do they go?

Checking the ticket cache on the client...

# klist
Credentials cache: FILE:/tmp/krb5cc_xxx
Principal: <user>/<domain>@<realm>

Issued Expires Principal
Nov 3 17:36:40 Nov 4 03:36:40 krbtgt/domain@realm
Nov 3 17:37:52 Nov 4 03:36:40 host/<machine>@<realm>

So it's even getting the ticket for the machine it is trying to go to
using the tgt from the kinit.

Any ideas? I'm starting to bang my head against the wall here.

Thanks!

Jason

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev