DNS is OK. I run kinit on client.example.com. Access client.example.com from node.example.com:
> ssh -v [email protected] > debug1: Authentications that can continue: > publickey,gssapi-with-mic,password > debug1: Next authentication method: gssapi-with-mic > debug1: Unspecified GSS failure. Minor code may provide more information > Credentials cache file '/tmp/krb5cc_0' not found > > debug1: Unspecified GSS failure. Minor code may provide more information > Credentials cache file '/tmp/krb5cc_0' not found > > debug1: Unspecified GSS failure. Minor code may provide more information > It seems the ssh-client was trying to load /tmp/krb5cc_0. I don't run kinit on node.example.com, so there is such file. But I can find it on the client.example.com. Can node.example.com access client.example.com without any ipa configuration? Do I need to install ipa-client on the node.example.com? The document is wrong? On Sat, Jan 23, 2010 at 11:54 AM, Scott <[email protected]> wrote: > > first I would verify that dns is functional both forward and reverse. > > If that is okay try doing a kinit first then try to connect. > > > Sent from my iPhone > > On Jan 22, 2010, at 7:34 PM, Michael Kang <[email protected]> wrote: > > Hi all, > > I'm trying to configure client ssh access on Fedora 12 and I can't access > ipaclient without password. > > I'm following this document: > > <http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/sect-Client_Configuration_Guide-Configuring_Fedora_as_an_IPA_Client-Configuring_Client_SSH_Access.html> > http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/sect-Client_Configuration_Guide-Configuring_Fedora_as_an_IPA_Client-Configuring_Client_SSH_Access.html > > At the end of this document: > >> The IPA client should now be fully configured to accept incoming >> SSHconnections and authenticate with the user's >> Kerberos credentials. Use the following command on another machine to >> test the configuration. This should succeed without asking for a password. >> > # ssh <[email protected]>[email protected] > > As I see it, another machine don't need to install any ipa software and it > can access ipaclient without password. > > I have three Fedora machine: > > - <http://ipa.example.com>ipa.example.com(IPA Server) > - <http://client.example.com>client.example.com(IPA Client) > - <http://node.example.com>node.example.com(another machine which was > not installed ipa-client or ipa-server) > > The <http://client.example.com>client.example.com can access > <http://ipa.example.com>ipa.example.com without password. But the > <http://node.example.com>node.example.com can't access > <http://client.example.com>client.example.com. > > Do I misunderstand the document or configure incorrect? > > Thanks, > Michael > > -- > Michael Kang(康上明学) > There is a giant asleep within every man. When the giant awakens,miracles > happen. > > Personal blog: <http://ufusion.org>http://ufusion.org - United Fusion > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > > -- Michael Kang(康上明学) There is a giant asleep within every man. When the giant awakens,miracles happen. Personal blog: http://ufusion.org - United Fusion
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
