[33035] in Kerberos
Re: Kerberos5 + SSH Questions
daemon@ATHENA.MIT.EDU (Lee Eric)
Tue Jan 4 06:24:07 2011
MIME-Version: 1.0
In-Reply-To: <20110104111646.GA3858@talktalkplc.com>
Date: Tue, 4 Jan 2011 19:23:59 +0800
Message-ID: <AANLkTinuDwdbMYL8TeyEzRGMxkKH_JetjBvQ6cZg31D_@mail.gmail.com>
From: Lee Eric <openlinuxsource@gmail.com>
To: Brian Candler <B.Candler@pobox.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi mate,
[root@herdingcat ericlee]# ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: l -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (AES-256 CTS
mode with 96-bit SHA-1 HMAC)
2 2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (AES-128 CTS
mode with 96-bit SHA-1 HMAC)
3 2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (Triple DES
cbc mode with HMAC/sha1)
4 2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (ArcFour
with HMAC/md5)
5 2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (DES with HMAC/sha1)
6 2 host/ns.herdingcat.internal@HERDINGCAT.INTERNAL (DES cbc
mode with RSA-MD5)
ktutil: [root@herdingcat ericlee]#
Yes, it was copy-pasted. So is there anything wrong?
Eric
On Tue, Jan 4, 2011 at 7:16 PM, Brian Candler <B.Candler@pobox.com> wrote:
> On Tue, Jan 04, 2011 at 06:57:20PM +0800, Lee Eric wrote:
>> debug1: Unspecified GSS failure. Minor code may provide more information
>> Key table entry not found
>
> Aha, that's your problem. What does the following show?
>
> # ktutil
> rkt /etc/krb5.keytab
> l -e
> ^D
>
> And what does 'klist' on the client show, after you've attempted to ssh?
>
>> So I notice that it was due to SSH server side cannot find keytab but
>> it exists in /etc/krb5.keytab:
>> -r--------. 1 root root 526 Jan 3 00:58 /etc/krb5.keytab
>
> It can find the keytab, but it can't find the right entry in the keytab.
>
> BTW, was that copy-pasted? I've never seen a '.' after the mode bits before.
>
> Regards,
>
> Brian.
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
