[33030] in Kerberos

Re: Kerberos5 + SSH Questions

daemon@ATHENA.MIT.EDU (Brian Candler)
Tue Jan 4 05:01:12 2011

Date: Tue, 4 Jan 2011 10:01:03 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Lee Eric <openlinuxsource@gmail.com>
Message-ID: <20110104100103.GA6164@talktalkplc.com>
In-Reply-To: <AANLkTikGwBaB5KHbe17tER59fic0-uTQtQmM=ZFm98gF@mail.gmail.com>
Cc: kerberos@mit.edu

On Tue, Jan 04, 2011 at 05:43:22PM +0800, Lee Eric wrote:
> Thanks mate. Is there anything wrong with my configuration file?

I couldn't see anything, but please run the sshd -p99 test I specified. That
will almost certainly tell you in plain English what the problem is.

> Furthermore, how do you create your keytab?

On the target ssh server:

kadmin -p someone/admin
addprinc -randkey host/server.example.com
ktadd host/server.example.com
^D

Regards,

Brian.

P.S. If for some reason you can't do it there, then do it somewhere else but
write the key out to a different file:

ktadd -k /tmp/server.example.com.keytab host/server.example.com

Then copy this file to the ssh server as /etc/krb5.keytab

Make sure it is fully protected!
chown 0:0 /etc/krb5.keytab
chmod 400 /etc/krb5.keytab

And securely delete the intermediate copy:
shred -u /tmp/server.example.com.keytab
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
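
Added example, not part of the original message: a shell check that a keytab ended up the way the P.S. above asks (regular file, owner 0:0, mode 400) and that no intermediate copy was left behind. The function names check_keytab and stray_keytabs are hypothetical, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example: audit a keytab's file type, ownership and mode.
# Assumes GNU coreutils stat (-c) and find (-maxdepth); function names are hypothetical.

# check_keytab FILE [EXPECTED_UID [EXPECTED_GID]]
# Returns 0 when FILE passes every check, 1 otherwise; prints one line per finding.
check_keytab() {
    kt=$1
    want_uid=${2:-0}
    want_gid=${3:-0}
    rc=0

    # A symlink would let sshd read a key stored somewhere with weaker protection.
    if [ -L "$kt" ]; then
        echo "FAIL: $kt is a symbolic link"
        return 1
    fi
    if [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing or not a regular file"
        return 1
    fi

    # %u = owner uid, %g = group gid, %a = octal permission bits
    set -- $(stat -c '%u %g %a' "$kt")
    uid=$1 gid=$2 mode=$3

    [ "$uid" = "$want_uid" ] || { echo "FAIL: owner uid $uid, expected $want_uid"; rc=1; }
    [ "$gid" = "$want_gid" ] || { echo "FAIL: group gid $gid, expected $want_gid"; rc=1; }
    # Mode must match the chmod 400 from the message exactly.
    [ "$mode" = "400" ] || { echo "FAIL: mode $mode, expected 400"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $kt uid=$uid gid=$gid mode=$mode"
    return "$rc"
}

# stray_keytabs DIR
# Prints any *.keytab files left directly under DIR (e.g. /tmp after a ktadd -k).
stray_keytabs() {
    find "$1" -maxdepth 1 -type f -name '*.keytab' 2>/dev/null
}
```

On the ssh server, run `check_keytab /etc/krb5.keytab` as root; on the host where the key was exported, `stray_keytabs /tmp` should print nothing once the shred step has been done.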
