[33031] in Kerberos
Re: Kerberos5 + SSH Questions
daemon@ATHENA.MIT.EDU (Lee Eric)
Tue Jan 4 05:05:51 2011
MIME-Version: 1.0
In-Reply-To: <20110104100103.GA6164@talktalkplc.com>
Date: Tue, 4 Jan 2011 18:05:46 +0800
Message-ID: <AANLkTi=8JWXVmLp6aF9rQs4X088BjP9Qrh6jpTYcy+T1@mail.gmail.com>
From: Lee Eric <openlinuxsource@gmail.com>
To: Brian Candler <B.Candler@pobox.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi mate, I have pasted the configuration file already. Here's the
link: http://mailman.mit.edu/pipermail/kerberos/2011-January/016849.html.
Thanks.
Eric
On Tue, Jan 4, 2011 at 6:01 PM, Brian Candler <B.Candler@pobox.com> wrote:
> On Tue, Jan 04, 2011 at 05:43:22PM +0800, Lee Eric wrote:
>> Thanks mate. Is there anything wrong with my configuration file?
>
> I couldn't see anything, but please run the sshd -p99 test I specified. That
> will almost certainly tell you in plain English what the problem is.
>
>> furthermore, how do you create your keytab?
>
> On the target ssh server:
>
> kadmin -p someone/admin
> addprinc -randkey host/server.example.com
> ktadd host/server.example.com
> ^D
>
> Regards,
>
> Brian.
>
> P.S. if for some reason you can't do it there, then do it somewhere else but
> write the key out to a different file:
>
> ktadd -k /tmp/server.example.com.keytab host/server.example.com
>
> Then copy this file to the ssh server as /etc/krb5.keytab
>
> Make sure it is fully protected!
> chown 0:0 /etc/krb5.keytab
> chmod 400 /etc/krb5.keytab
>
> And securely delete the intermediate copy:
> shred -u /tmp/server.example.com.keytab
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
