[30541] in Kerberos
Re: Kerberos auth based on ticket
daemon@ATHENA.MIT.EDU (Rowley, Mathew)
Tue Dec 16 08:40:38 2008
Date: Tue, 16 Dec 2008 08:39:37 -0500
Message-ID: <7372D9734C591745A4C1D81017D5ABF6090F6B3D@NJCHLEXCMB01.cable.comcast.com>
From: "Rowley, Mathew" <Mathew_Rowley@cable.comcast.com>
To: <ssorce@redhat.com>
Cc: kerberos@mit.edu
The hostname includes 'ipa' in it, but IPA is not installed. Sorry for any confusion - it was a box that did, and out of pure laziness, was never re-named.
MAT
----- Original Message -----
From: Simo Sorce <ssorce@redhat.com>
To: Rowley, Mathew
Cc: kerberos@mit.edu <kerberos@mit.edu>
Sent: Tue Dec 16 08:36:07 2008
Subject: Re: Kerberos auth based on ticket
On Tue, 2008-12-16 at 04:48 -0700, Mathew Rowley wrote:
> Looks like my problem is ‘Server not found in Kerberos database’. So I am
> assuming that I need the server in the kerberos database as well as the
> user... Is that done just like adding a principal?
>
> Sorry, very new to this.
Mathew, yes, as the freeipa.org (or the Red Hat docs) say you have to create a principal for the target machine and obtain a keytab for it.
http://freeipa.org/page/ConfiguringRhelClients#Configuring_Client_SSH_Access
The 2 commands to use here are: ipa-addservice and ipa-getkeytab, given these are custom commands that work only in an ipa context I suggest you jump on the freeipa-users mailing list if you like.
Simo.
-- Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos