Victor Sudakov wrote:
> > Against what gssapi library is your ssh linked
>
> Heimdal 1.5.2 from the FreeBSD 10.3 base system.
>
> > and what does ssh -vvv
> > reveal why gssapi does not proceed?
>
> Next time a service ticket expires, I'll post it here. But don't hold
> your breath, it's probably going to be something stupid like
> 'miscellaneous failure, see text'

Dear Harald,

Below is what "ssh -vvv" reveals:

debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-with-mic,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-with-mic,keyboard-interactive
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: The context has expired
Success

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/sudakov/.ssh/id_rsa

Now if I destroy the expired ticket by "kdestroy --credential=host/techno..."
a new ticket is received and gssapi-with-mic is again successful until
the new ticket expires again.

I'm beginning to think of a cron job which would destroy hourly all the
service tickets... all except the TGT.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
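
The cron-job idea from the message above, as an added example that is not part of the original post: it removes only the service tickets that klist reports as expired and never touches a krbtgt/ entry. It assumes Heimdal's klist table layout with a ">>>Expired<<<" marker in the Expires column; the function names, realm and host names are made up, and only "kdestroy --credential=" comes from the message.

```shell
#!/bin/sh
# Added example: find expired service tickets in Heimdal `klist` output and
# destroy only those, leaving the TGT (krbtgt/...) alone.

# Constructed sample input. The table layout and the ">>>Expired<<<" marker
# are an assumption about Heimdal's klist; realm and host names are made up.
SAMPLE_KLIST='Credentials cache: FILE:/tmp/krb5cc_1001
        Principal: user@EXAMPLE.ORG

  Issued                Expires               Principal
Mar  1 09:00:00 2017  Mar  1 19:00:00 2017  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
Mar  1 09:01:10 2017  >>>Expired<<<         host/server1.example.org@EXAMPLE.ORG
Mar  1 09:05:00 2017  Mar  1 19:00:00 2017  host/server2.example.org@EXAMPLE.ORG
Mar  1 08:00:00 2017  >>>Expired<<<         krbtgt/OTHER.EXAMPLE.ORG@EXAMPLE.ORG'

# Read klist output on stdin; print one expired non-TGT principal per line.
expired_service_principals() {
    awk '
        /^ *Issued +Expires +Principal/ { in_table = 1; next }
        in_table && index($0, ">>>Expired<<<") {
            princ = $NF                      # principal is the last column
            if (princ !~ /^krbtgt\//) print princ
        }'
}

# Read principals on stdin. With "apply" run kdestroy, otherwise only report.
purge_expired() {
    mode=$1
    while IFS= read -r princ; do
        if [ "$mode" = "apply" ]; then
            kdestroy --credential="$princ"
        else
            printf 'would run: kdestroy --credential=%s\n' "$princ"
        fi
    done
}

# Dry run against the constructed sample. From cron one would instead use:
#   klist | expired_service_principals | purge_expired apply
printf '%s\n' "$SAMPLE_KLIST" | expired_service_principals | purge_expired dry-run
```

Unlike destroying every service ticket hourly, this leaves still-valid service tickets in the cache.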
