This fixed in. That makes perfect sense, but nothing in the log made me think
that this was the problem.
There was an auth_to_local rule setup, which I saved, which did not work. Is
this a bug that we need to open a ticket for? Seems like installer is putting
an inadequate regular expression in the rule.
On Feb 18, 2013, at 7:35 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Brian Cook wrote:
>> More info - attached var/log/secure, and sshd_config.
>> Password authentication works, just gssapi fails. in the securecrt provided
>> I have disabled password auth as an option
> Create a .k5login in the home directory of your user. What I did was log in
> as administrat...@ad.example.com using the password, create .k5login
> containing that principal, log out, then I was able to log back in using SSO.
> You should be able to add something like this to /etc/krb5.conf if you have a
> lot of users you want to do SSO:
> auth_to_local =
> auth_to_local = DEFAULT
> See 'info krb5-admin "Configuration Files" "krb5.conf" "realms (krb5.conf)"'
> for more details and examples for auth_to_local.
>> On Feb 18, 2013, at 3:58 PM, Brian Cook <bc...@redhat.com> wrote:
>>> I am trying to ssh from Windows - > IPA server using GSS-API. I've tried
>>> putty, which provides very little debug out. I then downloaded securecrt
>>> which provides more output.
>>> On the server side, I just see postponed gss-with-mic and then a failure
>>> message. I'm attaching the output from securecrt. Any help would be
>>> greatly appreciated.
>>> Freeipa-users mailing list
>> Freeipa-users mailing list
Freeipa-users mailing list