kerberos authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

im just starting with kerberos, so im probably missing something obvious
here.

server:
PasswordAuthentication no
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes


client: (night:crawler 192.168.10.102)
~/.ssh/config
GSSAPIAuthentication yes

client:
[kerberos-test@night_crawler ~]$ kinit kerberos-test
kerberos-test@xxxxxxxxxxxxxx's Password: 
[kerberos-test@night_crawler ~]$ klist
Credentials cache: FILE:/tmp/krb5cc_1013
        Principal: kerberos-test@xxxxxxxxxxxxxx

  Issued           Expires          Principal
Nov 27 13:14:34  Nov 27 23:14:34  krbtgt/LOCALDOMAIN.DE@xxxxxxxxxxxxxx



ssh wf
Permission denied (publickey,gssapi-with-mic).


 klist
Credentials cache: FILE:/tmp/krb5cc_1013
        Principal: kerberos-test@xxxxxxxxxxxxxx

  Issued           Expires          Principal
Nov 27 13:14:34  Nov 27 23:14:34  krbtgt/LOCALDOMAIN.DE@xxxxxxxxxxxxxx
Nov 27 13:15:03  Nov 27 23:14:34  host/wf.localdomain.de@xxxxxxxxxxxxxx



server:
kdc.log
2008-11-27T13:14:34 sending 493 bytes to IPv4:192.168.10.102
2008-11-27T13:14:34 AS-REQ kerberos-test@xxxxxxxxxxxxxx from
IPv4:192.168.10.102 for krbtgt/LOCALDOMAIN.DE@xxxxxxxxxxxxxx
2008-11-27T13:14:34 Client sent patypes: encrypted-timestamp
2008-11-27T13:14:34 Looking for PKINIT pa-data --
kerberos-test@xxxxxxxxxxxxxx
2008-11-27T13:14:34 Looking for ENC-TS pa-data --
kerberos-test@xxxxxxxxxxxxxx
2008-11-27T13:14:34 ENC-TS Pre-authentication succeeded --
kerberos-test@xxxxxxxxxxxxxx using aes256-cts-hmac-sha1-96
2008-11-27T13:14:34 Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, des3-cbc-sha1, des3-cbc-md5, arcfour-hmac-md5,
des-cbc-md5, des-cbc-md4, des-cbc-crc
2008-11-27T13:14:34 Using
aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2008-11-27T13:14:34 AS-REQ authtime: 2008-11-27T13:14:34 starttime:
unset endtime: 2008-11-27T23:14:34 renew till: unset
2008-11-27T13:14:34 sending 688 bytes to IPv4:192.168.10.102
2008-11-27T13:15:03 TGS-REQ kerberos-test@xxxxxxxxxxxxxx from
IPv4:192.168.10.102 for host/wf.localdomain.de@xxxxxxxxxxxxxx
[canonicalize]
2008-11-27T13:15:03 TGS-REQ authtime: 2008-11-27T13:14:34 starttime:
2008-11-27T13:15:03 endtime: 2008-11-27T23:14:34 renew till: unset
2008-11-27T13:15:03 sending 683 bytes to IPv4:192.168.10.102




after the ssh connect the principal wf (ssh server) is listed, but why
is ssh not connecting?
[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux