[28712] in Kerberos


Passwordless ssh

daemon@ATHENA.MIT.EDU (Jon Reynolds)
Sun Nov 11 03:22:07 2007

Message-ID: <4736B41F.9030006@destar.net>
Date: Sat, 10 Nov 2007 22:49:51 -0900
From: Jon Reynolds <jonr@destar.net>
MIME-Version: 1.0
To: kerberos@mit.edu
Reply-To: jonr@destar.net
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hello,

I have been trying to log in without having to give a password after I
kinit. I can now log in without passwords, but I have to kinit on each box
before it will work. Here is what I am doing:


1 box is the KDC
1 box is a remote host on same network

I built my KDC and configured my ssh daemon to use Kerberos on both
computers. I created a principal for my username and the two hosts that
I am testing between. I copied the krb5.keytab file to my remote host
and set up the krb5.conf file on the remote host. I have my .k5login file
in my user's home directory and I have checked all the paths and verified
all the files in my kdc.conf and my krb5.conf file.

Now, to test, I first do a 'kdestroy' then I kinit. After this is done I 
can ssh from my KDC to my remote host and I am not asked to enter my 
password. But, if I try to ssh back to the KDC from the remote host I 
just logged into, it will ask me for a password. I can stop this 
behavior if I 'kinit' on the remote host. Then for the life of the 
ticket I can ssh back and forth between the two boxes without being 
asked to enter a password.

I would like to be able to 'kinit' one time and not have to do it on 
each and every host. So, I must have screwed up somewhere or didn't 
understand what I was reading.

Can anyone see my mistake or is there more information that someone 
would need to help me?

Thanks for any help,

Jon


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
