Yes, I can. thanks alex for your help. Let me know what needs to be done. [r...@deploy1.ops tsinha]# kvno -S host mstageegw3.example.com kvno: invalid option -- S usage: kvno [-4 | [-c ccache] [-e etype] [-k keytab]] service1 service2 ... [r...@deploy1.ops tsinha]#
On Wed, Dec 5, 2018 at 4:28 PM Alexander Bokovoy <aboko...@redhat.com> wrote: > On ke, 05 joulu 2018, tarak sinha via FreeIPA-users wrote: > >Hi Guys, > > > >I am having issue to ssh with one host with SSO, all the users are able to > >ssh without asking password but only my userid having issue with asking > >password, I have tried to do kdestroy and did kinit again with userid > along > >with REALM but did not work. if you have any suggestions please let me > know > >to check further. > > > >Here it is output for ssh connection which asking password, > >----snip---- > > > >debug1: Authentications that can continue: > >publickey,gssapi-keyex,gssapi-with-mic,password > >debug1: Next authentication method: gssapi-with-mic > >debug1: Unspecified GSS failure. Minor code may provide more information > >Server not found in Kerberos database > ^^ this is your problem. > > Can you show output of > > kvno -S host mstageegw3.example.com > > on your client from where you do SSH? > > > > >debug1: Unspecified GSS failure. Minor code may provide more information > >Server not found in Kerberos database > >debug1: Unspecified GSS failure. Minor code may provide more information > >Server not found in Kerberos database > >debug2: we did not send a packet, disable method > >debug1: Next authentication method: publickey > >debug1: Offering public key: /uhome/aalevoor/.ssh/id_rsa > >debug2: we sent a publickey packet, wait for reply > >debug1: Authentications that can continue: > >publickey,gssapi-keyex,gssapi-with-mic,password > >debug1: Trying private key: /uhome/aalevoor/.ssh/id_dsa > >debug2: we did not send a packet, disable method > >debug1: Next authentication method: password > >aalev...@mstageegw3.example.com's password: > >debug2: we sent a password packet, wait for reply > >debug1: Authentication succeeded (password). > >debug1: channel 0: new [client-session] > >debug2: channel 0: send open > >debug1: Entering interactive session. > >debug2: callback start > >debug2: client_session2_setup: id 0 > >debug2: channel 0: request pty-req confirm 0 > >debug2: channel 0: request shell confirm 0 > >debug2: fd 4 setting TCP_NODELAY > >debug2: callback done > >debug2: channel 0: open confirm rwindow 0 rmax 32768 > >debug2: channel 0: rcvd adjust 2097152 > >Last login: Wed Dec 5 01:53:06 2018 from 10.22.6.70 > > > >-- > > > >*Thanks,* > > > >*TS* > > >_______________________________________________ > >FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > >To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > >Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > >List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > >List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > -- *Thanks,* *Tarak Nath Sinha* *Mobile: **+91 8197522750*
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org