Victor Sudakov wrote:
> > Against what gssapi library is your ssh linked
> Heimdal 1.5.2 from the FreeBSD 10.3 base system.
> > and what does ssh -vvv
> > reveal why gssapi does not proceed?
> Next time a service ticket expires, I'll post it here. But don't hold
> your breath, it's probably going to be something stupid like
> 'miscellaneous failure, see text'
Below is what "ssh -vvv" reveals:
debug3: receive packet: type 51
debug1: Authentications that can continue:
debug3: start over, passed a different list
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: The context has expired
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/sudakov/.ssh/id_rsa
Now if I destroy the expired ticket by "kdestroy --credential=host/techno..."
a new ticket is received and gssapi-with-mic is again successful until
the new tickets expires again.
I'm beginning to think of a cron job which would destroy hourly all
the service tickets... all except the TGT.
Victor Sudakov, VAS4-RIPE, VAS47-RIPN