first I would verify that dns is functional both forward and reverse.

If that is okay try doing a kinit first then try to connect.


Sent from my iPhone

On Jan 22, 2010, at 7:34 PM, Michael Kang <wxi...@gmail.com> wrote:

Hi all,

I'm trying to configure client ssh access on Fedora 12 and I can't access ipaclient without password.

I'm following this document:
http://freeipa.org/docs/1.2/Client_Setup_Guide/en-US/html/sect-Client_Configuration_Guide-Configuring_Fedora_as_an_IPA_Client-Configuring_Client_SSH_Access.html

At the end of this document:
The IPA client should now be fully configured to accept incoming SSH connections and authenticate with the user's Kerberos credentials. Use the following command on another machine to test the configuration. This should succeed without asking for a password.
# ssh ad...@ipaclient.example.com
As I see it, another machine don't need to install any ipa software and it can access ipaclient without password.

I have three Fedora machine:
ipa.example.com(IPA Server)
client.example.com(IPA Client)
node.example.com(another machine which was not installed ipa-client or ipa-server) The client.example.com can access ipa.example.com without password. But the node.example.com can't access client.example.com.

Do I misunderstand the document or configure incorrect?

Thanks,
Michael

--
Michael Kang(康上明学)
There is a giant asleep within every man. When the giant awakens,miracles happen.

Personal blog: http://ufusion.org - United Fusion
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to