[38678] in Kerberos


Re: Unable to SSH with Kerberos user

daemon@ATHENA.MIT.EDU (Rocky Hotas)
Sat Jan 25 12:25:10 2020

Message-ID: <trinity-3de26004-5a83-4fa0-928f-4e6e5d9b3546-1579973096774@3c-app-mailcom-lxa13>
From: "Rocky Hotas" <rockyhotas@post.com>
To: "Patrick Marc Preuß" <patrick.preuss@gmail.com>
Date: Sat, 25 Jan 2020 18:24:56 +0100
In-Reply-To: <A605957C-A311-4880-A48D-38D29A68F588@gmail.com>
Cc: kerberos@mit.edu

Sent: Saturday, January 25, 2020 at 5:51 PM
From: "Patrick Marc Preuß" <patrick.preuss@gmail.com>
To: "Rocky Hotas" <rockyhotas@post.com>
Subject: Re: Unable to SSH with Kerberos user

> Hi rocky 
 
Hi :)!

> Have a look into the ssh somewhere around line 115:

> debug1: Next authentication method: gssapi-with-mic
> debug1: Unspecified GSS failure.  Minor code may provide more information
> Server host/xubtest.xexample.intk@XEXAMPLE.INTK not found in Kerberos database
 
> gssapi is selected but not ticket grated due to missing service principal for the server.

Thanks for your patience in looking at the logs.
Maybe you meant "granted". Ok! I executed `kadmin.local' on the server and:

kadmin.local:  addprinc -randkey host/xubtest.xexample.intk
WARNING: no policy specified for host/xubtest.xexample.intk@XEXAMPLE.INTK; defaulting to no policy
Principal "host/xubtest.xexample.intk@XEXAMPLE.INTK" created.
kadmin.local:  addprinc -randkey host/xubcl1.xexample.intk
WARNING: no policy specified for host/xubcl1.xexample.intk@XEXAMPLE.INTK; defaulting to no policy
Principal "host/xubcl1.xexample.intk@XEXAMPLE.INTK" created.

Hope this is correct. Then, I tried again with ssh, and this is the
result: https://pastebin.com/vDX0Gt67

The error you mentioned has disappeared, but the behaviour is apparently
the same (password required and permission denied even with the correct
password).

> HTH

Yes, of course! Those principals must be created.
 
Thanks,

Rocky


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
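
Added example, not part of the original message or of any project's code: a triage of `ssh -v` client output that extracts the service principal the KDC reported as missing, pairs it with the `addprinc -randkey` form used in the message, and flags a fall back to password. Both logs are constructed; the shape of the second one is an assumption, since the pastebin content is not on this page.

```python
import re

# Constructed `ssh -v` client output, modelled on the lines quoted in the message.
BEFORE = """\
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Server host/xubtest.xexample.intk@XEXAMPLE.INTK not found in Kerberos database

debug1: Next authentication method: password
"""
# Constructed: same flow with no KDC lookup error logged (assumed shape of the later run).
AFTER = """\
debug1: Next authentication method: gssapi-with-mic
debug1: Next authentication method: password
"""

METHOD = re.compile(r"^debug1: Next authentication method: (\S+)")
GSS_FAIL = re.compile(r"^debug1: Unspecified GSS failure")
MISSING = re.compile(r"^Server (\S+)@(\S+) not found in Kerberos database")


def triage(log):
    """Group client debug lines by attempted method and record GSS errors."""
    attempts = []
    for line in log.splitlines():
        m = METHOD.match(line)
        if m:
            attempts.append({"method": m.group(1), "gss_failure": False, "missing": None})
        elif attempts:
            cur = attempts[-1]
            if GSS_FAIL.match(line):
                cur["gss_failure"] = True
            m = MISSING.match(line)
            if m:
                cur["missing"] = m.group(1)  # principal without the realm
    return attempts


def report(log):
    """Summarise: principals the KDC lacks, and whether ssh fell back to password."""
    attempts = triage(log)
    methods = [a["method"] for a in attempts]
    missing = sorted({a["missing"] for a in attempts if a["missing"]})
    gss_tried = any(m.startswith("gssapi") for m in methods)
    return {
        "missing_principals": missing,
        "kadmin_commands": ["addprinc -randkey " + p for p in missing],
        "fell_back_to_password": gss_tried and methods[-1:] == ["password"],
    }
```

An empty `missing_principals` together with `fell_back_to_password` set to true matches the situation reported in the message: the KDC lookup error is gone, yet GSSAPI still did not complete.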

