Brian Cook wrote:
More info - attached var/log/secure, and sshd_config.

Password authentication works, just gssapi fails.  in the securecrt provided I 
have disabled password auth as an option

Create a .k5login in the home directory of your user. What I did was log in as administrat...@ad.example.com using the password, create .k5login containing that principal, log out, then I was able to log back in using SSO.

You should be able to add something like this to /etc/krb5.conf if you have a lot of users you want to do SSO:

auth_to_local = RULE:[1:$1@$0](^.*@TRUSTED.DOMAIN$)s/@TRUSTED.DOMAIN/@trusted.domain/
    auth_to_local = DEFAULT

See 'info krb5-admin "Configuration Files" "krb5.conf" "realms (krb5.conf)"' for more details and examples for auth_to_local.

rob








On Feb 18, 2013, at 3:58 PM, Brian Cook <bc...@redhat.com> wrote:

I am trying to ssh from Windows - > IPA server using GSS-API.  I've tried 
putty, which provides very little debug out.  I then downloaded securecrt which 
provides more output.

On the server side, I just see postponed gss-with-mic  and then a failure 
message.  I'm attaching the output from securecrt.  Any help would be greatly 
appreciated.

Thanks,
Brian

<securecrt-out.rtf>_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to