I've got everything working at this point using the Debian ssh-krb5 packages, libnss-ldap (for user information), and MIT Kerberos 1.2.5 on 4 machines.
I have a few general questions: 1) Here is the output from klist after logging in via ssh. I have ssh configured to use Kerberos auth, and this appears to be working fine. Here is the output from klist on my mail server: klist: You have no tickets cached Ticket cache: FILE:/tmp/krb5cc_qKxnke Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 08/09/02 11:00:14 08/09/02 21:00:14 [EMAIL PROTECTED] 08/09/02 11:00:14 08/09/02 21:00:14 [EMAIL PROTECTED] But -- why do I have a ticket with the host/... principal? Perhaps someone could clue me in on this, or help me determine what's wrong (if anything). 2) I've set up DNS with the various entries needed by Kerberos. How much of Kerberos uses this DNS information? How much can I leave out of the configuration files on each host? I'm sure I had another question, but it's eluding me for the moment... -- Josh Huber ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
