On 10/20/2015 11:18 PM, Sandeep Umesh wrote:
> Hello
>
> I am not sure if this has already been discussed over time, but I have a situation where I am not able to ssh with Kerberos principal name.
> Here is the scenario - currently I am using OpenSSH 6.0 version and I have set the following -
>
> in sshd_config file -
> KerberosAuthentication yes
> GSSAPIAuthentication yes
> GSSAPICleanupCredentials yes
>
> in ssh_config file -
> GSSAPIAuthentication yes
> GSSAPIDelegateCredentials yes
>
> After I obtain the Kerberos TGT using - kinit user_name
> and try to login as ssh user_name@hostname, it works fine and I am able to login without a password prompt.
> However, if I try to login as ssh user_name@realm_name@hostname then I am prompted for the password.

I don't think user@realm@hostname will work. SSH deals with Unix usernames, Kerberos deals with users in realms. In the general case, you could have a username on the client, a different remote username on the server, and a principal that does not match either.

Are both the client and server in the same realm?

If the username on the server is not the same as the principal name, you may need the Kerberos ~/.k5login file in the home directory of the user on the server.

> I think the principal name to local name conversion is not happening properly which I am yet to verify. But is there any other solution available for this?
>
> Thanks
> Regards
> Sandeep
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

--
Douglas E. Engert <DEEngert@xxxxxxxxx>
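
The following is an added illustration, not part of the original thread and not OpenSSH or Kerberos code. It models the server-side authorization decision the reply describes: whether an already authenticated principal may log in to a given Unix account, with and without a ~/.k5login file. It assumes MIT Kerberos default behaviour with no auth_to_local rules; the realm, principals and account names are constructed.

```python
# Simplified model of the server-side authorization check. Assumption: it
# follows MIT Kerberos defaults (krb5_kuserok) with no auth_to_local rules.

def parse_k5login(text):
    """Return the principals listed in a .k5login file, one per line."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def default_local_name(principal, default_realm):
    """Default mapping: a single-component principal in the server's default
    realm maps to its name part; any other principal has no local name."""
    name, sep, realm = principal.rpartition("@")
    if not sep or realm != default_realm or "/" in name:
        return None
    return name

def may_login(principal, unix_user, default_realm, k5login_text=None):
    """May `principal` log in to the account `unix_user`?
    k5login_text is the content of ~unix_user/.k5login, or None if absent."""
    if k5login_text is not None:
        # When the file exists, only the principals it lists are accepted.
        return principal in parse_k5login(k5login_text)
    return default_local_name(principal, default_realm) == unix_user

# Constructed sample data: realm, principals and account names are made up.
REALM = "EXAMPLE.COM"
CASES = [
    # (principal, requested unix account, .k5login content or None)
    ("alice@EXAMPLE.COM", "alice", None),
    ("alice@EXAMPLE.COM", "asmith", None),
    ("alice@EXAMPLE.COM", "asmith", "alice@EXAMPLE.COM\n"),
    ("alice@OTHER.ORG", "alice", None),
    ("alice@OTHER.ORG", "alice", "alice@OTHER.ORG\n"),
    # Assumption: the realm ends up as part of the requested account name.
    ("alice@EXAMPLE.COM", "alice@EXAMPLE.COM", None),
]

def run_cases():
    """Evaluate every constructed case and return the list of decisions."""
    return [may_login(p, u, REALM, k) for p, u, k in CASES]

if __name__ == "__main__":
    for (p, u, k), ok in zip(CASES, run_cases()):
        print(f"{p:20} -> {u:20} k5login={'yes' if k else 'no':3} allowed={ok}")
```

The model covers only the account authorization step; obtaining a valid ticket for a principal in another realm still requires cross-realm trust between the realms.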