This fixed in. That makes perfect sense, but nothing in the log made me think that this was the problem.
There was an auth_to_local rule setup, which I saved, which did not work. Is this a bug that we need to open a ticket for? Seems like installer is putting an inadequate regular expression in the rule. Thanks! Brian On Feb 18, 2013, at 7:35 PM, Rob Crittenden <[email protected]> wrote: > Brian Cook wrote: >> More info - attached var/log/secure, and sshd_config. >> >> Password authentication works, just gssapi fails. in the securecrt provided >> I have disabled password auth as an option > > Create a .k5login in the home directory of your user. What I did was log in > as [email protected] using the password, create .k5login > containing that principal, log out, then I was able to log back in using SSO. > > You should be able to add something like this to /etc/krb5.conf if you have a > lot of users you want to do SSO: > > auth_to_local = > RULE:[1:$1@$0](^.*@TRUSTED.DOMAIN$)s/@TRUSTED.DOMAIN/@trusted.domain/ > auth_to_local = DEFAULT > > See 'info krb5-admin "Configuration Files" "krb5.conf" "realms (krb5.conf)"' > for more details and examples for auth_to_local. > > rob > >> >> >> >> >> >> >> >> On Feb 18, 2013, at 3:58 PM, Brian Cook <[email protected]> wrote: >> >>> I am trying to ssh from Windows - > IPA server using GSS-API. I've tried >>> putty, which provides very little debug out. I then downloaded securecrt >>> which provides more output. >>> >>> On the server side, I just see postponed gss-with-mic and then a failure >>> message. I'm attaching the output from securecrt. Any help would be >>> greatly appreciated. >>> >>> Thanks, >>> Brian >>> >>> <securecrt-out.rtf>_______________________________________________ >>> Freeipa-users mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> >> >> >> _______________________________________________ >> Freeipa-users mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/freeipa-users >> >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
