On 10/20/2015 11:18 PM, Sandeep Umesh wrote:
Hello
I am not sure if this has already been discussed over time, but I have a
situation where I am not able to ssh with kerberos principal name.
Here is the scenario -
currently I am using openSSH 6.0 version and I have set the following -
in sshd_config file -
KerberosAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
in ssh_config file -
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
After I obtain the kerberos TGT using - kinit user_name and try to login
as ssh user_name@hostname, it works fine and I am able to login without a
password prompt .
However, if I try to login as ssh user_name@realm_name@hostname then I am
prompted for the password.
I don't think user@realm@hostname will work.
SSh deals with unix usernames, Kerberos deals with users in realms.
In the general case, you could have username on the client and different
remote username on the server, and principal that does not match either.
Are both the client and server in the same realm?
If the username on the server is not the same as the principal name, you may
need the Kerberos ~/.k5login file in the home directory of the user on the server.
I think the principal name to local name conversation is not happening
properly which I am yet to verify. But is there any other solution
available for this?
Thanks
Regards
Sandeep
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Douglas E. Engert <DEEngert@xxxxxxxxx>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
