[4090] in testers
rsh and ssh
daemon@ATHENA.MIT.EDU (Joseph Sokol-Margolis)
Sat May 22 02:13:34 1999
Message-Id: <199905220613.CAA06375@smoke-screen.mit.edu>
To: testers@MIT.EDU
Date: Sat, 22 May 1999 02:13:11 -0400
From: Joseph Sokol-Margolis <seph@MIT.EDU>
I was logged in on smoke-screen.
I did "rsh smoke-screen"
I got:
1:51 smoke-screen[1]:~% rsh smoke-screen
klogind: User seph@ATHENA.MIT.EDU is not authorized to login to account seph.
Trying krb4 rlogin...
klogind: User seph@ATHENA.MIT.EDU is not authorized to login to account seph.
trying normal rlogin (/usr/bsd/rlogin)
usage: rlogin host [ -ex ] [ -l username ] [ -8 ] [ -L ]
rlogin [ -ex ] [ -l username ] [ -8 ] [ -L ] host
rlogin username@host [ -ex ] [ -8 ] [ -L ]
rsh'ing to no-knife worked fine.
and no, a completely seperate problem
I also tried ssh -v smoke-screen. I got:
smoke-screen.mit.edu: Trying Kerberos V5 TGT passing.
smoke-screen.mit.edu: Kerberos V5 TGT passing was successful.
smoke-screen.mit.edu: Trying Kerberos V5 authentication.
smoke-screen.mit.edu: Kerberos V5 authentication accepted.
smoke-screen.mit.edu: Remote: Kerberos authorization failed.
smoke-screen.mit.edu: Doing password authentication.
This seems rather odd. my .ssh/config says nothing about kerberos, and
the only mention of it in the system configs is "KerberosOrLocalPasswd
yes"
I set kerberos authentication to be okay in .ssh/config, ssh'ed to
smoke-screen, and got the same error.
to recap, cause I'm tired and feel incoherent:
ssh'ing from -> to, did krb5 authentication work?
8.3.3 -> 8.3.3 fails
8.3.3 -> 8.3.2 works
8.3.3 -> 8.2 works
8.3.2 -> 8.3.3 fails
8.3.2 -> 8.3.2 works
8.3.2 -> 8.2 works
I used smoke-screen for all 8.3.3, cvp for all 8.3.2, and no-knife for
all 8.2.
I would guess the problem is somewhere in how 8.3.3's sshd and krb5
stuff interact.
seph