[30535] in Kerberos
Re: Kerberos auth based on ticket
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Dec 15 19:02:07 2008
To: Mathew Rowley <mathew_rowley@cable.comcast.com>
In-Reply-To: <C56C3B19.4F74%mathew_rowley@cable.comcast.com> (Mathew Rowley's
message of "Mon\, 15 Dec 2008 16\:49\:29 -0700")
From: Russ Allbery <rra@stanford.edu>
Date: Mon, 15 Dec 2008 16:01:17 -0800
Message-ID: <87wse1xa2a.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Mathew Rowley <mathew_rowley@cable.comcast.com> writes:
> Well, that would make sense... Looking at the sshd and ssh configurations,
> it seems to be enabled on both. Is there some configuration I am missing?
>
> [root@ipa01 ~]# grep -i GSSAPI /etc/ssh/ssh_config
> GSSAPIAuthentication yes
> [root@ipa01 ~]# grep -i GSSAPI /etc/ssh/sshd_config
> # GSSAPI options
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
Your original pasted example showed you ssh'ing to user@localhost. Unless
you have a key for localhost in your keytab, that probably isn't going to
work. ssh authenticates to the hostname that you type on the command
line.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
