I am using mit-krb5 1.6.3 on gentoo and trying to follow the "Instructions" at http://wiki.hcoop.net/MemberManual/ShellAccess/PasswordlessLogin.
When I ssh to mire using a standard password login everything works fine. When I ssh to mire using kereberos credentials, the login succeeds but I don't automatically get write access to my home directory from my login shell. Any suggestions? Why aren't my kerberos credentials being forwarded to mire's AFS? Andrew $ kinit [email protected] # get kerberos ticket Password for [email protected]: ******** $ klist # confirm that we have tickets Ticket cache: FILE:/tmp/krb5cc_1001 Default principal: [email protected] Valid starting Expires Service principal 06/29/09 16:19:27 06/30/09 02:19:27 krbtgt/[email protected] renew until 06/30/09 16:19:24 $ cat ~/.ssh/config # my local configuration for a passwordless mire login # need to "kinit [email protected] first" Host hcoop HostName mire.hcoop.net GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPITrustDns no User andrew $ ssh -v hcoop # do passwordless mire login OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/andrew/.ssh/config debug1: Applying options for hcoop debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to mire.hcoop.net [69.90.123.68] port 22. debug1: Connection established. debug1: identity file /home/andrew/.ssh/identity type -1 debug1: identity file /home/andrew/.ssh/id_rsa type -1 debug1: identity file /home/andrew/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch3 debug1: match: OpenSSH_4.3p2 Debian-9etch3 pat OpenSSH_4* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'mire.hcoop.net' is known and matches the RSA host key. debug1: Found key in /home/andrew/.ssh/known_hosts:22 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive debug1: Next authentication method: gssapi-with-mic debug1: Delegating credentials debug1: Delegating credentials debug1: Authentication succeeded (gssapi-with-mic). debug1: channel 0: new [client-session] debug1: Entering interactive session. Last login: Mon Jun 29 16:18:34 2009 from 216.48.162.49 Linux mire 2.6.23.14-grsec #1 SMP Mon Feb 11 18:39:15 EST 2008 i686 and...@mire:~$ klist # login worked but no credentials - did delegating work? klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_10830) Kerberos 4 ticket cache: /tmp/tkt10830 klist: You have no tickets cached and...@mire:~$ touch ttt # can't access home folder on mire because afs can't get credentials touch: cannot touch `ttt': Permission denied _______________________________________________ HCoop-Help mailing list [email protected] https://lists.hcoop.net/listinfo/hcoop-help
