Hans, Thaks for your help, my sshd_config options match yours, sshd_config doesnt recognises GSSAPIKeyExchange and GSSAPITrustDNS options. I continue to receive the "we sent a gssapi-with-mic packet, wait for reply" DEBUG message and the ssh tries password auth. i saw something related to krb5.keytab, do you know something about this file? thank you, marcello On Mon, Jan 4, 2010 at 3:01 PM, Hans van Zijst <hans@xxxxxxxxxxx> wrote: > Hi Marcello, > > A while ago I created the same construction that you want: ssh to a Linux > machine and login automatically with Kerberos. My KDC also is a Windows 2003 > box with UNIX Services installed. It's been a while, and I don't remember a > lot of details. I remember it did take quit a bit of work though :) > > In the logs you sent, I can't really find anything, but it "feels" like an > incomplete SSH daemon configuration. > > In my sshd-config there are also these lines: > > PasswordAuthentication no > KerberosAuthentication yes > KerberosOrLocalPasswd no > KerberosTicketCleanup yes > GSSAPIAuthentication yes > GSSAPICleanupCredentials yes > > On my client machine, I configured /etc/ssh/ssh_config with: > > GSSAPIKeyExchange yes > GSSAPITrustDNS yes > GSSAPIAuthentication yes > GSSAPIDelegateCredentials yes > > I hope this will help you a bit. If not, please post the configuration of > both the ssh-server and the ssh-client and I'll have a closer look. > > Kind regards, > > Hans > > -- Marcello Mezzanotti <marcello.mezzanotti@xxxxxxxxx> http://blogdomarcello.wordpress.com Information Security UNIX / Linux / *BSD
