This is a discussion on Re: Question about GSSAPI with OpenSSH 4.2p1 within the OpenSSH Development forums, part of the Networking and Network Related category.
An Ethereal trace on the client would show the Kerberos activity to the KDC
and to the sshd.

Jason.C.Burns@wellsfargo.com wrote:
> Hey all, perhaps someone might be able to shed a little light on this
> problem. Nothing I find in books and groups seems to address the
> problem. I'm trying to set up a series of connections with ssh that
> authenticate through GSSAPI. However, it seems that the credentials are
> not getting passed.
>
> From the client..
>
> debug1: Next authentication method: gssapi-with-mic
> debug2: we sent a gssapi-with-mic packet, wait for reply
> debug1: Delegating credentials
> debug1: Delegating credentials
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password,keyboard-interactive
>
> So we can see that the client is configured to send the tickets
> across...
>
> From the Server...
>
> debug1: userauth-request for user <user>/<domain> service ssh-connection
> method gssapi-with-mic
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method gssapi-with-mic
> Postponed gssapi-with-mic for <user>/<domain> from xxxx port x ssh2
> debug1: Got no client credentials
> Failed gssapi-with-mic for <user>/<domain> from xxxxx port x ssh2
> debug1: userauth-request for user <user>/<domain> service ssh-connection
> method keyboard-interactive
>
> What does 'Got no client credentials' mean? The client is sending them,
> so where do they go?
>
> Checking the ticket cache on the client...
>
> # klist
> Credentials cache: FILE:/tmp/krb5cc_xxx
>         Principal: <user>/<domain>@<realm>
>
>   Issued           Expires          Principal
> Nov  3 17:36:40  Nov  4 03:36:40  krbtgt/domain@realm
> Nov  3 17:37:52  Nov  4 03:36:40  host/<machine>@<realm>
>
> So it's even getting the ticket for the machine it is trying to go to
> using the tgt from the kinit.
>
> Any ideas? I'm starting to bang my head against the wall here.
>
> Thanks!
>
> Jason
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> http://www.mindrot.org/mailman/listi...enssh-unix-dev
>
>

--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444