[23796] in Kerberos

home help back first fref pref prev next nref lref last post

Re: openssh single-sing-on problem

daemon@ATHENA.MIT.EDU (Kevin Coffman)
Fri Apr 29 08:49:25 2005

To: Klavs Klavsen <kl@vsen.dk>
In-reply-to: <4271F224.9090404@vsen.dk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 29 Apr 2005 08:48:13 -0400
From: Kevin Coffman <kwc@citi.umich.edu>
Message-Id: <20050429124813.7AD4C1BAA9@citi.umich.edu>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

> on 04/28/05 15:23 Kevin Coffman wrote:
> [SNIP]
> 
> > The client (auth01.example.dk) thinks that the (ssh) server
> > (hostname?) is in a different realm (PROD.DK.EXAMPLE.NET) and is
> > trying to get a cross-realm ticket. Check the [domain_realm]
> > stanza of your /etc/krb5.conf file on the client and make sure that
> > the ssh server's hostname maps to the correct realm (EXAMPLE.DK).
> 
> I checked the krb5.conf on server and client and they seem exactly
> alike to me :(

I see significant differences in the [libdefaults] and [realms] stanzas.
However, the issue is:  what does the client think the ssh server's
hostname is?  It obviously doesn't think it is xxxx.example.dk.
If you figure out what that is and map the name to the EXAMPLE.DK
realm (in the [domain_realm] stanza) then it should work.

You haven't said what you think the server's hostname is, nor what the
client machine thinks it is.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post