Re: SSH and Kerberos usage

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 





On 10/20/2015 11:18 PM, Sandeep Umesh wrote:
Hello

I am not sure if this has already been discussed over time, but I have a
situation where I am not able to ssh with kerberos principal name.

Here is the scenario -
currently I am using openSSH 6.0 version and I have set the following -
in sshd_config file -
         KerberosAuthentication yes
         GSSAPIAuthentication yes
         GSSAPICleanupCredentials yes
in ssh_config file -
         GSSAPIAuthentication yes
         GSSAPIDelegateCredentials yes

After I obtain the kerberos TGT using - kinit user_name and try to login
as ssh user_name@hostname, it works fine and I am able to login without a
password prompt .
However, if I try to login as ssh user_name@realm_name@hostname then I am
prompted for the password.

I don't think user@realm@hostname will work.

SSh deals with unix usernames, Kerberos deals with users in realms.
In the general case, you could have username on the client and different
remote username on the server, and principal that does not match either.

Are both the client and server in the same realm?
If the username on the server is not the same as the principal name, you may
need the Kerberos ~/.k5login file in the home directory of the user on the server.


I think the principal name to local name conversation is not happening
properly which I am yet to verify. But is there any other solution
available for this?
Thanks

Regards
Sandeep

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


--

 Douglas E. Engert  <DEEngert@xxxxxxxxx>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux