[32915] in Kerberos


Re: krb5+Ubuntu (maverick, jaunty (LTS))+ssh

daemon@ATHENA.MIT.EDU (Thomas Schweikle)
Sat Nov 20 23:03:50 2010

From: Thomas Schweikle <tps@vr-web.de>
Date: Sat, 20 Nov 2010 22:45:31 +0100
Message-ID: <8kqtrrF3fmU1@mid.individual.net>
Mime-Version: 1.0
In-Reply-To: <mailman.414.1290243517.20243.kerberos@mit.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On 20.11.2010 09:58, Brian Candler wrote:
> On Fri, Nov 19, 2010 at 02:03:09PM +0100, Thomas Schweikle wrote:
>> I can log in from maverick to maverick machines. No problem.
>> kerberos does what it is expected to do.
>> 
>> I can't log in from any jaunty (10.04.1 LTS) machine to any other
>> machine using kerberos. I am handled a session key, but
>> authenticating against any of the jaunty-machines fails. ssh falls
>> back to password authentication.
> 
> Sorry to state the obvious, but have you set
> 
> Host *
> ...
>     GSSAPIAuthentication yes
> 
> in /etc/ssh/ssh_config ?

I've set it and it was automatically set by installing the packages.

> What does ssh -v <host> show when you try to connect?

Something about no GSSAPI environment. I'll post the whole thing
tomorrow --- I'll need access to the systems.

>> The kerberos server on jaunty seems to work as expected, but the
>> client and GSSAPI seems badly broken.
> 
> 10.04.1 LTS isn't Jaunty, it's Lucid. "cat /etc/lsb-release" to see what you
> have.

Uhhhgg! Yes it's right. Mixed up the names. My fault!

> I have a Lucid client which can quite happily kinit to Active Directory, and
> ssh to RedHat machines using its Kerberos ticket.

That's what is curious: kinit works on these machines! I'll get my
tgt, but connections do not work. Only 10.10 to 10.10 does what is
expected. 10.10 to 10.04.1 does not as 10.04.1 to 10.10 or 10.04.1.

-- 
Thomas
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
