[32914] in Kerberos
Re: krb5+Ubuntu (maverick, jaunty (LTS))+ssh
daemon@ATHENA.MIT.EDU (Brian Candler)
Sat Nov 20 03:58:42 2010
Date: Sat, 20 Nov 2010 08:58:29 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Thomas Schweikle <tps@vr-web.de>
Message-ID: <20101120085829.GA2694@talktalkplc.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <8knasdFhq8U1@mid.individual.net>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, Nov 19, 2010 at 02:03:09PM +0100, Thomas Schweikle wrote:
> I can log in from maverick to maverick machines. No problem.
> kerberos does what it is expected to do.
>
> I can't log in from any jaunty (10.04.1 LTS) machine to any other
> machine using kerberos. I am handled a session key, but
> authenticating against any of the jaunty-machines fails. ssh falls
> back to password authentication.
Sorry to state the obvious, but have you set
Host *
...
GSSAPIAuthentication yes
in /etc/ssh/ssh_config ?
What does ssh -v <host> show when you try to connect?
> The kerberos server on jaunty seems to work as expected, but the
> client and GSSAPI seems badly broken.
10.04.1 LTS isn't Jaunty, it's Lucid. "cat /etc/lsb-release" to see what you
have.
I have a Lucid client which can quite happily kinit to Active Directory, and
ssh to RedHat machines using its Kerberos ticket.
Regards,
Brian.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos