[32916] in Kerberos
Re: krb5+Ubuntu (maverick, jaunty (LTS))+ssh
daemon@ATHENA.MIT.EDU (Brian Candler)
Sun Nov 21 13:46:30 2010
Date: Sun, 21 Nov 2010 18:46:17 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Thomas Schweikle <tps@vr-web.de>
Message-ID: <20101121184617.GA3754@talktalkplc.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <8kqtrrF3fmU1@mid.individual.net>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Sat, Nov 20, 2010 at 10:45:31PM +0100, Thomas Schweikle wrote:
> Something about no GSSAPI environment. I'll post the whole thing
> Tomorrow --- I'll need access to the systems.
Another trick is to run another instance of sshd, on another port, in debug
mode: e.g.
# sshd -p 99 -d
Then when you ssh -v -p 99 <user>@<hostname> you will also get debug output
from the server side.
You need 'GSSAPIAuthentication yes' in /etc/ssh/sshd_config at the server
side, but presumably you have that as some of the combinations do work.
(Not 'KerberosAuthentication yes' - that just does password authentication
with the KDC as the password oracle)
HTH,
Brian.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
