On Thu, 31 Jul 2003, Chris Clausen wrote:

> Lukas Kubin <[EMAIL PROTECTED]> wrote:
> > On Thu, 31 Jul 2003, Christopher D. Clausen wrote:
> >
> >> Did you do "apt-get install ssh-krb5" ?
> >
> > Yes, I did. Both on client and server.
> >
> >> And then use ssh -K -l root theremoteserver
> >
> > I tried.
> >
> >> Oh, you probably need host keys in /etc/krb5.keytab for the server
> >> machine (and possibly the client).
> >
> > How do I do it? I did ktadd on the kdc server for
> > [EMAIL PROTECTED], saved it to a temporary keytab file, then I
> > transferred it to the /etc/krb5.keytab on client.
> > Is there something similar I have to do on the remote server? (which is
> > also the kdc and kadmin server)
>
> Not a key for your user, a key for the server.
>
> You must create a host principal, in the form host/fqdn
> for example, from admin:
> kadmin: addprinc -randkey host/sleepless.acm.uiuc.edu
> kadmin: ktadd -k /tmp/krb5.keytab host/sleepless.acm.uiuc.edu

I did, providing that "sleepless..." is the host I need to connect from,
i.e. the client.

> Securely copy this file to /etc/krb5.keytab on your server. Also, edit
> /etc/hosts and MAKE SURE the Fully Qualified Domain Name of the machine
> is listed before any short names or things will not work. The Debian
> configure script likes to change this quite a bit.

To which server should I copy it? To the one I want to connect to as root?
I did it.

> Does kerberized ssh work for you if you are ssh-ing to your own account
> on the remote machine? B/c just adding your user principal to
> /root/.k5login should allow you into the root account without any
> additional effort.

No. I created an account with the same username as my principal is and
tried to connect. Unsuccessfully.

I will try to describe it simply to see whether I understand it or not:

- <client> is hostname of computer I connect as normal user from
- <server> is hostname of computer I need to connect to as user root
- <myprincipal> is my K5 principal

1. In kadmin I create host/<client>@REALM principal
2. In kadmin I "ktadd -k /tmp/keytab host/<client>@REALM"
3. Copy /tmp/keytab to <server>. Since <server> is the same machine I run
   kadmin.local at, I will just move /tmp/keytab to /etc/krb5.keytab
4. On <server> I put <myprincipal> to .k5login in root's homedir
5. On <client> I get TGT using <myprincipal>
6. On <client> I run "ssh -K root@<server>"

This is what I'm doing and it doesn't work. Should I also create
krb5.keytab on <client>? If yes, then what key should I put there in?

Thank you.

lukas

> <<CDC

--
Lukas Kubin
phone: +420596398285
email: [EMAIL PROTECTED]
Information centre
The School of Business Administration in Karvina
Silesian University in Opava
Czech Republic
http://www.opf.slu.cz
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
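
Chris Clausen's quoted reply names two server-side conditions: a host/fqdn key for the server in /etc/krb5.keytab, and the FQDN listed before any short name in /etc/hosts. The shell check below for both is an added example, not part of the thread; server.example.org, client.example.org, EXAMPLE.ORG, the address, the function names and the sample files are constructed, and it reads saved "klist -k" output rather than the keytab itself.

```shell
#!/bin/sh
# Added example, not from the thread. Host names, realm, address and sample
# files are constructed; the checks read text, so no KDC or root is needed.

# fqdn_listed_first HOSTS_FILE FQDN
# True if FQDN occurs in the file and is always the first name after the address.
fqdn_listed_first() {
    awk -v fqdn="$2" '
        { sub(/#.*/, "") }                      # strip comments
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(fqdn)) { seen = 1; if (i != 2) bad = 1 } }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$1"
}

# keytab_has_host_key KLIST_FILE FQDN
# True if saved plain `klist -k` output (KVNO, principal) lists host/FQDN@REALM.
keytab_has_host_key() {
    awk -v want="host/$2@" '
        $1 ~ /^[0-9]+$/ && index($2, want) == 1 { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_server HOSTS_FILE KLIST_FILE FQDN: run both checks, report each failure.
check_server() {
    rc=0
    fqdn_listed_first "$1" "$3" || { echo "FAIL: $3 is not the first name on its hosts line"; rc=1; }
    keytab_has_host_key "$2" "$3" || { echo "FAIL: no host/$3 key in keytab"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $3"; fi
    return "$rc"
}

# make_samples DIR: write constructed good and bad inputs for server.example.org.
make_samples() {
    printf '127.0.0.1 localhost\n192.0.2.10 server.example.org server\n' > "$1/hosts.good"
    printf '127.0.0.1 localhost\n192.0.2.10 server server.example.org\n' > "$1/hosts.bad"
    hdr='Keytab name: FILE:/etc/krb5.keytab\nKVNO Principal\n---- ---------\n'
    printf "${hdr}   3 host/server.example.org@EXAMPLE.ORG\n" > "$1/klist.good"
    printf "${hdr}   3 host/client.example.org@EXAMPLE.ORG\n" > "$1/klist.bad"
}

d=$(mktemp -d) && make_samples "$d"
check_server "$d/hosts.good" "$d/klist.good" server.example.org || true
check_server "$d/hosts.bad" "$d/klist.bad" server.example.org || true
rm -rf "$d"
```

On a real server, the inputs would be /etc/hosts, the output of "klist -k /etc/krb5.keytab" saved to a file, and the name printed by "hostname -f".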
