[33019] in Kerberos
Re: Kerberos5 + SSH Questions
daemon@ATHENA.MIT.EDU (Brian Candler)
Mon Jan 3 12:55:06 2011
Date: Mon, 3 Jan 2011 17:54:56 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Lee Eric <openlinuxsource@gmail.com>
Message-ID: <20110103175455.GC5473@talktalkplc.com>
In-Reply-To: <AANLkTi=Q0bS2uT6Z7K_m=MZt=VryTU9ZEFer5w+5=JNX@mail.gmail.com>
Cc: kerberos@mit.edu
On Mon, Jan 03, 2011 at 09:02:59PM +0800, Lee Eric wrote:
> My server OS is Fedora 14 and Kerberos version is 1.8.2-6 by using RPM
> based. I tried to make SSH combined with Kerberos but it looks like
> the authentication is failure when using Kerberos. Meanwhile, I don't
> know where I did wrong in configuration file.
>
> The attachment is necessary configuration I use.

I didn't see any attachment.

Basic checks are:

* Do you have "GSSAPIAuthentication yes" in /etc/ssh/sshd_config on the
  server? (note: not KerberosAuthentication. That is password authentication
  checked against the KDC)
* Do you have "GSSAPIAuthentication yes" in /etc/ssh/ssh_config on the
  client?

Plus usual kerberos stuff:

* Are your clocks in sync?
* Did the client successfully get a ticket? (kinit)
* Does the server have correct forward and reverse DNS?

To debug this further, I suggest you run a temporary sshd in debugging mode
on a different port on the server:

    # /usr/sbin/sshd -d -p99

and on the client:

    $ kinit username
    $ ssh -p99 -v username@server

Now you should have logs at both the client side and the server side, which
may show what's going wrong.

Regards,

Brian.
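
A static version of the first server-side check in the message above, as an added example that is not part of the original post or of OpenSSH: it reads an sshd_config and reports whether ticket-based login is enabled or only the password-against-KDC option is set. The function names sshd_opt and diagnose_sshd and the sample files are constructed for this sketch; Include directives are not followed.

```sh
#!/bin/sh
# Added example: static check of sshd_config for the settings named above.
# sshd_opt, diagnose_sshd and the sample files are constructed for this sketch.

# Print the global value of KEYWORD in FILE (lowercased), or DEFAULT if unset.
# sshd keeps the first value it obtains for a keyword. Match blocks are
# conditional, so parsing stops there. Include files are not followed.
sshd_opt() {  # usage: sshd_opt FILE KEYWORD DEFAULT
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        $1 ~ /^#/ { next }                  # comment line
        {
            sub(/=/, " ")                   # accept "Keyword=value"
            if (NF < 2) next
            key = tolower($1)
            if (key == "match") exit        # end of the global section
            if (key == want) {
                val = tolower($2); gsub(/"/, "", val)
                print val; found = 1; exit
            }
        }
        END { if (!found) print def }
    ' "$1"
}

# Classify the file: GSSAPI on, only the password-based Kerberos knob, or off.
diagnose_sshd() {  # usage: diagnose_sshd FILE
    gss=$(sshd_opt "$1" GSSAPIAuthentication no)
    krb=$(sshd_opt "$1" KerberosAuthentication no)
    if [ "$gss" = yes ]; then
        echo "ok: ticket-based (GSSAPI) login is enabled"
    elif [ "$krb" = yes ]; then
        echo "wrong-knob: KerberosAuthentication only checks passwords against the KDC"
    else
        echo "off: GSSAPIAuthentication is not enabled globally"
    fi
}

# Constructed sample configs (not from the original post).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# sample' 'KerberosAuthentication yes' '#GSSAPIAuthentication yes' > "$demo/password_only"
printf '%s\n' 'gssapiauthentication = yes' 'Match User guest' '  GSSAPIAuthentication no' > "$demo/good"
printf '%s\n' 'Match Address 10.0.0.0/8' '  GSSAPIAuthentication yes' > "$demo/match_only"
for f in password_only good match_only; do
    printf '%-14s %s\n' "$f" "$(diagnose_sshd "$demo/$f")"
done
```

On a live server, `sshd -T` run as root prints the configuration sshd actually resolved, which is the authoritative answer when Include files or Match blocks are in play.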